Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2017-8912 EXPLOITDB HIGH text
CMS Made Simple 2.1.6 - Authenticated PHP Code Execution via Edit User Tag
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug."
by Osanda Malith Jayathissa
CVSS 7.2
EIP-2026-105388 EXPLOITDB text
BanManager WebUI 1.5.8 - PHP Code Injection
by HaHwul
CVE-2017-5689 EXPLOITDB CRITICAL python
Intel AMT Digest Authentication Bypass Scanner
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
by nixawk
CVSS 9.8
CVE-2017-8852 EXPLOITDB HIGH python VERIFIED
SAP SAPCAR 721.510 - Heap-Based Buffer Overflow via Crafted CAR Archive
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.
by Core Security
CVSS 7.8
CVE-2017-11502 EXPLOITDB CRITICAL
Technicolor DPC3928AD - Info Disclosure
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
by SecuriTeam
CVSS 9.8
CVE-2025-34102 EXPLOITDB CRITICAL ruby VERIFIED
CryptoLog PHP - Unauthenticated Remote Code Execution via SQL Injection and Command Injection
A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands. The login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context. This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.
by Mehmet Ince
CVE-2017-0290 EXPLOITDB HIGH text VERIFIED
Microsoft Malware Protection Engine < 1.1.13701.0 - Remote Code Execution via Crafted File Scan
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."
by Google Security Research
CVSS 7.8
EIP-2026-107691 EXPLOITDB text VERIFIED
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
by SEC Consult
EIP-2026-107690 EXPLOITDB text VERIFIED
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
by SEC Consult
EIP-2026-104034 EXPLOITDB python
Oracle GoldenGate 12.1.2.0.0 - Remote Code Execution
by Silent Signal
CVE-2017-2800 EXPLOITDB CRITICAL text
wolfSSL < 3.10.2 - Certificate Validation Bypass via Crafted x509 Certificate
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.
by Talos
CVSS 9.8
CVE-2017-7314 EXPLOITDB HIGH text
Personify360 e-Business <7.6.1 - Info Disclosure
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.
by Pesach Zirkind
CVSS 7.5
CVE-2017-7312 EXPLOITDB CRITICAL text
Personify360 e-Business <7.6.1 - Info Disclosure
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).
by Pesach Zirkind
CVSS 9.8
EIP-2026-100038 EXPLOITDB text VERIFIED
LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers
by Google Security Research
EIP-2026-100037 EXPLOITDB text VERIFIED
LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflow
by Google Security Research
EIP-2026-100036 EXPLOITDB text VERIFIED
LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls
by Google Security Research
CVE-2017-8869 EXPLOITDB HIGH python VERIFIED
MediaCoder 0.8.48.5888 - Remote Code Execution via Crafted .m3u File
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.
by Muhann4d
CVSS 7.8
CVE-2017-6953 EXPLOITDB HIGH text VERIFIED
Gemalto SmartDiag Diagnosis Tool v2.5 - Buffer Overflow
Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe.
by Majid Alqabandi
CVSS 7.8
EIP-2026-103038 EXPLOITDB text VERIFIED
Xen 64bit PV Guest - pagetable use-after-type-change Breakout
by Google Security Research
CVE-2017-8779 EXPLOITDB HIGH ruby
rpcbind < 0.2.4 - Denial of Service via Crafted UDP Packet
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
by Guido Vranken
CVSS 7.5
EIP-2026-114184 EXPLOITDB text
WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection
by defensecode
CVE-2017-6086 EXPLOITDB HIGH
ViMbAdmin 3.0.15 - Cross-Site Request Forgery in DomainController and MailboxController
Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php.
by Sysdream
CVSS 8.8
CVE-2017-1000353 EXPLOITDB CRITICAL text
Jenkins < 2.56 and < 2.46.1 - Unauthenticated Remote Code Execution via Java Deserialization
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.
by SecuriTeam
CVSS 9.8
CVE-2017-5135 EXPLOITDB CRITICAL python
Technicolor DPC3928SL - Auth Bypass
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.
by nixawk
CVSS 9.1
EIP-2026-100663 EXPLOITDB text
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure
by Usman Saeed