Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113531 EXPLOITDB text VERIFIED
WordPress Plugin Add From Server < 3.3.2 - Cross-Site Request Forgery (Arbitrary File Upload)
by Edwin Molenaar
EIP-2026-111022 EXPLOITDB text
PHPCollab CMS 2.5 - 'emailusers.php' SQL Injection
by Vulnerability-Lab
EIP-2026-102507 EXPLOITDB text
Navis Webaccess - SQL Injection
by bRpsd
CVE-2016-15038 EXPLOITDB MEDIUM text
NUUO NVRmini 2 <3.0.8 - Path Traversal
A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258780.
by LiquidWorm
CVSS 6.5
CVE-2016-5330 EXPLOITDB HIGH ruby VERIFIED
VMware Workstation Player 12.1.0-12.1.1 - Untrusted Search Path via HGFS Shared Folders
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
by Metasploit
CVSS 7.8
EIP-2026-110001 EXPLOITDB python
NUUO NVRmini 2 3.0.8 - Remote Code Execution
by LiquidWorm
EIP-2026-110000 EXPLOITDB text
NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections
by LiquidWorm
EIP-2026-109999 EXPLOITDB text
NUUO NVRmini 2 3.0.8 - Local File Disclosure
by LiquidWorm
EIP-2026-109998 EXPLOITDB html
NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin)
by LiquidWorm
EIP-2026-109996 EXPLOITDB text
NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access
by LiquidWorm
EIP-2026-100868 EXPLOITDB text
NUUO NVRmini 2 3.0.8 - Remote Command Injection (Shellshock)
by LiquidWorm
CVE-2016-20046 EXPLOITDB HIGH python
zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow
zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.
by Juan Sacco
CVSS 8.4
CVE-2016-5679 EXPLOITDB HIGH text
NUUO NVRmini <3.0.0 - Command Injection
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
by Pedro Ribeiro
CVSS 8.8
CVE-2016-5677 EXPLOITDB HIGH text
NUUO NVRmini <3.0.0 - Info Disclosure
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
by Pedro Ribeiro
CVSS 7.5
CVE-2016-5676 EXPLOITDB HIGH text
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 & NUUO NVRmini2/NVRsolo 1.7.5-2.x - Unauthenticated Admin Password Reset
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
by Pedro Ribeiro
CVSS 7.5
CVE-2016-5675 EXPLOITDB CRITICAL text
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 - Remote Code Execution via NTPServer Parameter
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
by Pedro Ribeiro
CVSS 9.8
CVE-2016-5674 EXPLOITDB CRITICAL text
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 & NUUO NVRmini2/NVRsolo 1.7.5-3.0.0 - RCE via __debugging_center_utils___.php
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
by Pedro Ribeiro
CVSS 9.8
CVE-2016-5678 EXPLOITDB CRITICAL text
NUUO NVRmini 2 & NVRsolo <3.0.0 - Info Disclosure
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
by Pedro Ribeiro
CVSS 9.8
EIP-2026-115523 EXPLOITDB python
Kodi Web Server 16.1 - Denial of Service
by Guillaume Kaddouch
EIP-2026-113663 EXPLOITDB text
WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting
by Julien Rentrop
EIP-2026-112466 EXPLOITDB text
Subrion CMS 4.0.5 - SQL Injection
by Vulnerability-Lab
EIP-2026-110740 EXPLOITDB text
PHP Power Browse 1.2 - Directory Traversal
by Manuel Mancera
EIP-2026-103178 EXPLOITDB text
ntop/nbox 2.3 < 2.5 - Multiple Vulnerabilities
by Javier Marcos
EIP-2026-101855 EXPLOITDB text
NASdeluxe NDL-2400r 2.01.09 - OS Command Injection
by SySS GmbH
CVE-2016-5680 EXPLOITDB HIGH text
NUUO NVRmini <3.0.0 - Buffer Overflow
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
by Pedro Ribeiro
CVSS 8.8
By Source
All 50,076 Writeup 62,526 Exploitdb 50,076 Nomisec 22,481 Github 3,713 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 480 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,614 ruby 6,006 c 3,635 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 137 go 73 postscript 25 typescript 25