Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-101902 EXPLOITDB text
OpenDreamBox 2.0.0 Plugin WebAdmin - Remote Code Execution
by Jonatas Fil
CVE-2017-5637 EXPLOITDB HIGH python
Apache ZooKeeper 3.4.0-3.4.9 and 3.5.0-3.5.2 - Unauthenticated Denial of Service via wchp/wchc Commands
Two four-letter-word commands, "wchp" and "wchc", are CPU intensive and, if abused, could cause a spike in CPU utilization on an Apache ZooKeeper server, leaving the server unable to serve legitimate client requests. Apache ZooKeeper through versions 3.4.9 and 3.5.2 suffers from this issue; it is fixed in 3.4.10, 3.5.3, and later.
by Brandon Dennis
CVSS 7.5
CVE-2017-18345 EXPLOITDB CRITICAL python
joomanager < 2.0.0 - Unauthenticated Arbitrary File Download via configuration.php Path Parameter
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.
by Luth1er
CVSS 9.8
EIP-2026-103482 EXPLOITDB text VERIFIED
Google Chrome - Out-of-Bounds Access in RegExp Stubs
by Google Security Research
CVE-2017-10803 EXPLOITDB MEDIUM
Odoo 8.0, 9.0, 10.0 - Authenticated Remote Code Execution via Database Anonymization Unpickle
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.
by SecuriTeam
CVSS 6.5
EIP-2026-101790 EXPLOITDB python
Humax HG100R 2.0.6 - Backup File Download
by gambler
EIP-2026-100064 EXPLOITDB text VERIFIED
eVestigator Forensic PenTester - Man In The Middle Remote Code Execution
by intern0t
EIP-2026-100063 EXPLOITDB text VERIFIED
BestSafe Browser - Man In The Middle Remote Code Execution
by intern0t
EIP-2026-100061 EXPLOITDB text
Australian Education App - Remote Code Execution
by intern0t
EIP-2026-100040 EXPLOITDB text VERIFIED
LG MRA58K - 'ASFParser::SetMetaData' Stack Overflow
by Google Security Research
CVE-2017-8895 EXPLOITDB CRITICAL ruby VERIFIED
Veritas Backup Exec <16 FP1 - Use After Free
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.
by Metasploit
CVSS 9.8
CVE-2016-3088 EXPLOITDB CRITICAL ruby VERIFIED
ActiveMQ web shell upload
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
by Metasploit
CVSS 9.8
CVE-2017-20228 EXPLOITDB HIGH python
Flat Assembler 1.71.21 Stack-Based Buffer Overflow ROP
Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute return-oriented programming chains for shell command execution.
by Juan Sacco
CVSS 8.4
CVE-2017-9812 EXPLOITDB HIGH text VERIFIED
Kaspersky Anti-Virus for Linux File Server < 8.0.3.297 - Arbitrary File Read via getReportStatus reportId Parameter
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.
by Core Security
CVSS 7.5
CVE-2017-9811 EXPLOITDB CRITICAL text VERIFIED
Kaspersky Anti-Virus for Linux File Server < 8.0.3.297 - Privilege Escalation via Quarantine Operations
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
by Core Security
CVSS 9.8
CVE-2017-9810 EXPLOITDB HIGH text VERIFIED
Kaspersky Anti-Virus for Linux File Server <8.0.4.312 - CSRF
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
by Core Security
CVSS 8.8
CVE-2017-3630 EXPLOITDB MEDIUM c VERIFIED
Solaris RSH Stack Clash Privilege Escalation
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
by Qualys Corporation
CVSS 5.3
CVE-2017-3629 EXPLOITDB HIGH c VERIFIED
Oracle Sun Systems Products Suite Kernel - Takeover
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
by Qualys Corporation
CVSS 7.8
CVE-2017-1000370 EXPLOITDB HIGH c VERIFIED
Linux Kernel 4.1-4.1.43 - Stack Clash via PIE Binary Execution
The offset2lib patch as used in the Linux Kernel contains a vulnerability: if a PIE binary is execve()'ed with 1GB of arguments or environment strings, the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000, nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386-based systems.
by Qualys Corporation
CVSS 7.8
CVE-2017-1000366 EXPLOITDB HIGH c VERIFIED
glibc <2.25 - Remote Code Execution
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory, but these issues are not directly exploitable; as such, they have not been given a CVE. This affects glibc 2.25 and earlier.
by Qualys Corporation
CVSS 7.8
EIP-2026-119365 EXPLOITDB python
Easy File Sharing Web Server 7.2 - Unrestricted File Upload
by Chako
EIP-2026-117095 EXPLOITDB python
Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH)
by Chako
CVE-2017-3631 EXPLOITDB MEDIUM c VERIFIED
Oracle Sun Systems Products Suite 11 - Privilege Escalation
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
by Qualys Corporation
CVSS 5.3