Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113936 EXPLOITDB text VERIFIED
WordPress Plugin Olimometer 2.56 - SQL Injection
by TAD GROUP
EIP-2026-113836 EXPLOITDB html
WordPress Plugin Instagram Feed 1.4.6.2 - Cross-Site Request Forgery
by Sipke Mellema
EIP-2026-109097 EXPLOITDB text VERIFIED
LEPTON 2.2.2 - SQL Injection
by Curesec Research Team
EIP-2026-109096 EXPLOITDB text VERIFIED
LEPTON 2.2.2 - Remote Code Execution
by Curesec Research Team
EIP-2026-107301 EXPLOITDB text
FUDforum 3.0.6 - Local File Inclusion
by Curesec Research Team
EIP-2026-107300 EXPLOITDB text
FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery
by Curesec Research Team
CVE-2016-6563 EXPLOITDB CRITICAL ruby VERIFIED
D-Link DIR Routers - Stack-Based Buffer Overflow via Malformed SOAP HNAP Login Action
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
by Metasploit
CVSS 9.8
CVE-2016-7434 EXPLOITDB HIGH python VERIFIED
NTP 4.3.0-4.3.94 - Denial of Service via Crafted MRU List Query
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
by Magnus Klaaborg Stubman
CVSS 7.5
EIP-2026-102359 EXPLOITDB text
Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal
by Julien Ahrens
EIP-2026-111947 EXPLOITDB text VERIFIED
ScriptCase 8.1.053 - Multiple Vulnerabilities
by hyp3rlinx
EIP-2026-118599 EXPLOITDB python VERIFIED
FTPShell Client 5.24 - 'PWD' Remote Buffer Overflow
by Th3GundY
CVE-2016-9332 EXPLOITDB HIGH python
Moxa SoftCMS <1.6 - Info Disclosure
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition.
by Zhou Yu
CVSS 7.5
CVE-2016-7201 EXPLOITDB HIGH html VERIFIED
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Type Confusion
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
by Google Security Research
CVSS 8.8
CVE-2016-7203 EXPLOITDB HIGH html VERIFIED
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
by Google Security Research
CVSS 7.5
CVE-2016-7202 EXPLOITDB HIGH html VERIFIED
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
by Google Security Research
CVSS 7.5
CVE-2016-7200 EXPLOITDB HIGH html VERIFIED
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
by Google Security Research
CVSS 8.8
EIP-2026-106772 EXPLOITDB text
EditMe CMS - Cross-Site Request Forgery (Add Admin)
by Vulnerability-Lab
CVE-2016-9151 EXPLOITDB HIGH text VERIFIED
Palo Alto Networks PAN-OS <7.1.6 - Privilege Escalation
Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.
by Google Security Research
CVSS 7.8
CVE-2016-9151 EXPLOITDB HIGH text VERIFIED
Palo Alto Networks PAN-OS <7.1.6 - Privilege Escalation
Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.
by Google Security Research
CVSS 7.8
CVE-2016-8641 EXPLOITDB MEDIUM bash VERIFIED
Nagios 4.2.x - Privilege Escalation
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.
by Vincent Malguy
CVSS 6.7
CVE-2016-9150 EXPLOITDB CRITICAL text VERIFIED
Palo Alto Networks PAN-OS <7.1.6 - Buffer Overflow
Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors.
by Google Security Research
CVSS 9.8
CVE-2016-20073 EXPLOITDB HIGH text VERIFIED
Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php
Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.
by Lenon Leite
CVSS 8.2
CVE-2016-7240 EXPLOITDB HIGH html VERIFIED
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243.
by Google Security Research
CVSS 7.5
EIP-2026-114061 EXPLOITDB text VERIFIED
WordPress Plugin Sirv 1.3.1 - SQL Injection
by Lenon Leite
EIP-2026-106252 EXPLOITDB text
CS-Cart 4.3.10 - XML External Entity Injection
by 0x4148
By Source
All 50,076 Writeup 62,508 Exploitdb 50,076 Nomisec 22,472 Github 3,695 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,606 ruby 6,006 c 3,632 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 135 go 73 postscript 25 typescript 25