Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-1247 EXPLOITDB HIGH bash
nginx <1.6.2-5+deb8u3 - Privilege Escalation
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.
by Dawid Golunski
CVSS 7.8
CVE-2025-34107 EXPLOITDB HIGH ruby VERIFIED
WinaXe FTP Client <7.7 - Buffer Overflow
A buffer overflow vulnerability exists in the WinaXe FTP Client version 7.7 within the FTP banner parsing functionality, WCMDPA10.dll. When the client connects to a remote FTP server and receives an overly long '220 Server Ready' response, the vulnerable component responsible for parsing the banner overflows a stack buffer, leading to arbitrary code execution under the context of the user.
by Metasploit
EIP-2026-118475 EXPLOITDB ruby VERIFIED
Easy Internet Sharing Proxy Server 2.2 - Remote Overflow (SEH) (Metasploit)
by Tracy Turben
CVE-2016-7225 EXPLOITDB MEDIUM VERIFIED
Windows 10 and Windows Server 2016 - Privilege Escalation via VHD Driver
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 6.1
CVE-2016-7224 EXPLOITDB MEDIUM VERIFIED
Windows VHD Driver - Unauthenticated Privilege Escalation via File Access
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 6.1
CVE-2016-7226 EXPLOITDB MEDIUM VERIFIED
Windows 10 and Windows Server 2016 - Privilege Escalation via VHD Driver
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 6.1
CVE-2016-7216 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows Vista/Server 2008/7 Privilege Escalation via Kernel API Mishandling
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 5.5
EIP-2026-115643 EXPLOITDB html
Microsoft Edge 11.0.10240.16384 - 'edgehtml' CAttr­Array::Destroy Use-After-Free
by Skylined
EIP-2026-102660 EXPLOITDB c
Linux Kernel 4.8.0-22/3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference
by OpenSource Security
EIP-2026-118409 EXPLOITDB ruby VERIFIED
Disk Pulse Enterprise 9.0.34 - 'Login' Remote Buffer Overflow (Metasploit)
by Metasploit
CVE-2015-0040 EXPLOITDB VERIFIED
Microsoft Internet Explorer 11 - Remote Code Execution or Denial of Service via Memory Corruption
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0066.
by Skylined
EIP-2026-105598 EXPLOITDB python VERIFIED
Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution
by 0x4148
CVE-2016-4557 EXPLOITDB HIGH ruby VERIFIED
Linux BPF doubleput UAF Privilege Escalation
The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.
by Metasploit
CVSS 7.8
EIP-2026-111939 EXPLOITDB php VERIFIED
Schoolhos CMS 2.29 - Remote Code Execution / SQL Injection
by 0x4148
EIP-2026-105293 EXPLOITDB html VERIFIED
ATutor 2.2.2 - Cross-Site Request Forgery (Add New Course)
by Saravana Kumar
CVE-2016-20072 EXPLOITDB HIGH text
BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL injection in the uid parameter to extract sensitive data from the WordPress database including user information and taxonomy terms.
by Lenon Leite
CVSS 8.2
CVE-2016-20065 EXPLOITDB HIGH text VERIFIED
Product Catalog 8 1.2 Plugin WordPress SQL Injection
Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the UpdateCategoryList action to extract sensitive database information from WordPress tables.
by Lenon Leite
CVSS 8.2
EIP-2026-107943 EXPLOITDB python VERIFIED
InvoicePlane 1.4.8 - Password Reset
by feedersec
CVE-2016-3325 EXPLOITDB LOW html VERIFIED
Microsoft Edge and Internet Explorer 11 - Information Disclosure via Crafted Web Site
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
by Skylined
CVSS 3.1
CVE-2016-3324 EXPLOITDB HIGH html VERIFIED
Microsoft Internet Explorer 9-11 - Remote Code Execution or Denial of Service via Memory Corruption
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
by Skylined
CVSS 8.8
EIP-2026-109700 EXPLOITDB text
MyBB 1.8.6 - Cross-Site Scripting
by Curesec Research Team
EIP-2026-104842 EXPLOITDB text VERIFIED
4Images 1.7.13 - SQL Injection
by 0x4148
CVE-2016-7851 EXPLOITDB MEDIUM text VERIFIED
Adobe Connect <= 9.5.6 - Cross-Site Scripting in Events Registration Module
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
by Vulnerability-Lab
CVSS 6.1
EIP-2026-116474 EXPLOITDB html
VBScript 5.8.7600.16385/5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read
by Skylined
CVE-2016-7255 EXPLOITDB HIGH c
Microsoft Windows - Privilege Escalation
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
by TinySec
CVSS 7.8
By Source
All 50,076 Writeup 62,508 Exploitdb 50,076 Nomisec 22,472 Github 3,695 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,606 ruby 6,006 c 3,632 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 135 go 73 postscript 25 typescript 25