Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-111789 EXPLOITDB text
RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities
by Ozer Goker
EIP-2026-110268 EXPLOITDB text
OpenCart 2.1.0.2 < 2.2.0.0 - json_decode Function Remote Code Execution
by Naser Farhadi
CVE-2016-1596 EXPLOITDB MEDIUM text
Micro Focus Novell Service Desk <7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter.
by Pedro Ribeiro
CVSS 5.4
EIP-2026-101770 EXPLOITDB html
Hikvision Digital Video Recorder - Cross-Site Request Forgery
by LiquidWorm
CVE-2015-8256 EXPLOITDB MEDIUM text
Axis Network Camera Firmware - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.
by Orwelllabs
CVSS 6.1
CVE-2016-2417 EXPLOITDB CRITICAL text VERIFIED
Android < 4.4.4/5.0.2/5.1.1/2016-04-01 - Information Disclosure via Uninitialized Data
media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474.
by Google Security Research
CVSS 9.8
CVE-2016-0846 EXPLOITDB HIGH text VERIFIED
Android <4.4.4, <5.0.2, <5.1.1, <2016-04-01 - Privilege Escalation
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992.
by Google Security Research
CVSS 8.4
CVE-2025-34115 EXPLOITDB HIGH text VERIFIED
OP5 Monitor <7.1.9 - Command Injection
An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. This issue is fixed in version 7.2.0.
by hyp3rlinx
EIP-2026-117148 EXPLOITDB python
Express Zip 2.40 - Directory Traversal
by R-73eN
CVE-2016-1743 EXPLOITDB HIGH c
macOS < 10.11.4 - Memory Corruption in Intel Graphics Driver
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744.
by Piotr Bania
CVSS 7.8
CVE-2016-20039 EXPLOITDB HIGH python
Multi Emulator Super System 0.154-3.1 Buffer Overflow
Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution.
by Juan Sacco
CVSS 8.4
CVE-2016-1561 EXPLOITDB HIGH ruby VERIFIED
ExaGrid <4.8 P26 - Privilege Escalation
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.
by Metasploit
CVSS 7.5
EIP-2026-101922 EXPLOITDB text
PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities
by Orwelllabs
CVE-2015-7378 EXPLOITDB HIGH text
Panda Security URL Filtering < 4.3.1.8 - Privilege Escalation via Weak Directory ACL
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.
by Kyriakos Economou
CVSS 7.8
CVE-2016-3943 EXPLOITDB HIGH text
Panda Endpoint Administration Agent <7.50.00 - Privilege Escalation
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.
by Kyriakos Economou
CVSS 7.8
EIP-2026-112308 EXPLOITDB text
SocialEngine 4.8.9 - SQL Injection
by High-Tech Bridge SA
CVE-2016-3672 EXPLOITDB HIGH text
Linux kernel <4.5.2 - Privilege Escalation
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
by Hector Marco & Ismael Ripoll
CVSS 7.8
EIP-2026-102456 EXPLOITDB text
Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-119020 EXPLOITDB ruby VERIFIED
PCMan FTP Server - 'PUT' Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-118460 EXPLOITDB ruby VERIFIED
Easy File Sharing HTTP Server 7.2 - Remote Overflow (SEH) (Metasploit)
by Metasploit
CVE-2014-4113 EXPLOITDB HIGH text
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
by MWR InfoSecurity
CVSS 7.8
CVE-2016-0111 EXPLOITDB HIGH html VERIFIED
Microsoft Internet Explorer 9-11 and Edge - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113.
by Google Security Research
CVSS 7.5
EIP-2026-102497 EXPLOITDB text
ManageEngine Password Manager Pro 8102 to 8302 - Multiple Vulnerabilities
by S3ba
EIP-2026-116596 EXPLOITDB perl
Xion Audio Player 1.5 (build 160) - '.mp3' Crash (PoC)
by Charley Celice
CVE-2016-2087 EXPLOITDB HIGH python
HexChat 2.11.0 - Path Traversal via IRC Server Name
Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
by PizzaHatHacker
CVSS 7.4