Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-6088 EXPLOITDB HIGH
EyesOfNetwork < 5.0 - Authenticated SQL Injection via bp_name, display, search, equipment, or type Parameter
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.
by Sysdream
CVSS 7.2
CVE-2017-6087 EXPLOITDB HIGH
EyesOfNetwork eonweb < 5.0-0 - Authenticated OS Command Injection via selected_events[] Parameter
EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php.
by Sysdream
CVSS 8.8
EIP-2026-106184 EXPLOITDB text
CouponPHP CMS 3.1 - 'code' SQL Injection
by Ihsan Sencan
CVE-2017-2619 EXPLOITDB HIGH text VERIFIED
Samba < 4.4.12 - Symlink Race Condition
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
by Google Security Research
CVSS 7.5
CVE-2017-2447 EXPLOITDB HIGH html VERIFIED
Safari < 10.1 - Memory Corruption via Crafted Web Site
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site.
by Google Security Research
CVSS 8.1
CVE-2017-2446 EXPLOITDB HIGH html VERIFIED
Apple <10.3 - Remote Code Execution
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions.
by Google Security Research
CVSS 8.8
CVE-2017-2446 EXPLOITDB HIGH html VERIFIED
Apple <10.3 - Remote Code Execution
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions.
by Google Security Research
CVSS 8.8
EIP-2026-103114 EXPLOITDB ruby VERIFIED
Github Enterprise - Default Session Secret and Deserialization (Metasploit)
by Metasploit
EIP-2026-103113 EXPLOITDB ruby VERIFIED
Github Enterprise - Default Session Secret and Deserialization (Metasploit)
by Metasploit
CVE-2017-5869 EXPLOITDB HIGH ruby
Nuxeo Platform 6.0, 7.1-7.3 - Authenticated Path Traversal and Remote Code Execution via X-File-Name Header
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.
by Sysdream
CVSS 8.8
CVE-2017-5227 EXPLOITDB HIGH text VERIFIED
QNAP QTS < 4.2.4 - Unauthenticated Sensitive Information Exposure via uLinux.conf
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.
by Pasquale Fiorillo
CVSS 7.5
EIP-2026-115774 EXPLOITDB c
Microsoft Visual Studio 2015 update 3 - Denial of Service
by Peter Baris
EIP-2026-112756 EXPLOITDB text
Tour Package Booking 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-110747 EXPLOITDB text
Php Real Estate Property Script - SQL Injection
by Ihsan Sencan
EIP-2026-110478 EXPLOITDB text
Parcel Delivery Booking Script 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-108938 EXPLOITDB text
Just Another Video Script 1.4.3 - SQL Injection
by Ihsan Sencan
EIP-2026-107649 EXPLOITDB text
Hotel Booking Script 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-106411 EXPLOITDB text
Delux Same Day Delivery Script 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-106191 EXPLOITDB text
Courier Tracking Software 6.0 - SQL Injection
by Ihsan Sencan
EIP-2026-105355 EXPLOITDB text
B2B Marketplace Script 2.0 - SQL Injection
by Ihsan Sencan
EIP-2026-105086 EXPLOITDB text
Alibaba Clone Script - SQL Injection
by Ihsan Sencan
CVE-2017-7851 EXPLOITDB HIGH text
D-Link DCS-936L < 1.05.07 - Cross-Site Request Forgery via Referer Header Validation Bypass
D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
by SlidingWindow
CVSS 8.8
CVE-2015-5736 EXPLOITDB c VERIFIED
Fortinet FortiClient < 5.2.3 - Local Privilege Escalation via Fortishield.sys Ioctl Calls
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
by sickness
CVE-2015-5736 EXPLOITDB c VERIFIED
Fortinet FortiClient < 5.2.3 - Local Privilege Escalation via Fortishield.sys Ioctl Calls
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
by sickness
EIP-2026-104965 EXPLOITDB text
Adult Tube Video Script - SQL Injection
by Ihsan Sencan
By Source
All 50,076 Writeup 62,344 Exploitdb 50,076 Nomisec 22,425 Github 3,649 Metasploit 3,314 Vulncheck_xdb 929 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,585 ruby 6,005 c 3,628 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 132 go 73 postscript 25 typescript 25