Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-8046 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.261, 19.x <19.0.0.245 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, and CVE-2015-8044.
by Google Security Research
CVE-2015-8044 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.261 & 19.x <19.0.0.245 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, and CVE-2015-8046.
by Google Security Research
CVE-2015-8043 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.261, 19.x <19.0.0.245 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8044, and CVE-2015-8046.
by Google Security Research
CVE-2015-8352 EXPLOITDB CRITICAL text VERIFIED
Zen Cart 1.5.4 - Remote File Inclusion via AJAX act Parameter Path Traversal
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
by High-Tech Bridge SA
CVSS 9.8
CVE-2015-8556 EXPLOITDB CRITICAL c
Gentoo QEMU <2.5.0-r1 - Privilege Escalation
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
by zx2c4
CVSS 10.0
EIP-2026-118470 EXPLOITDB python VERIFIED
Easy File Sharing Web Server 7.2 - HEAD Request Buffer Overflow (SEH)
by ArminCyber
EIP-2026-118469 EXPLOITDB python VERIFIED
Easy File Sharing Web Server 7.2 - GET Buffer Overflow (SEH)
by ArminCyber
EIP-2026-110423 EXPLOITDB perl
Ovidentia NewsLetter Module 2.2 - 'admin.php' Remote File Inclusion
by bd0rk
CVE-2015-8739 EXPLOITDB MEDIUM text VERIFIED
Wireshark 2.0.x - Denial of Service via IPMI Dissector Packet Scope Access
The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
by Google Security Research
CVSS 5.5
CVE-2015-8728 EXPLOITDB MEDIUM text VERIFIED
Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service via Mobile Identity Parser
The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.
by Google Security Research
CVSS 5.5
CVE-2015-8735 EXPLOITDB MEDIUM text VERIFIED
Wireshark 2.0.x - Denial of Service via Bluetooth Attribute Dissector Integer Overflow
The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet.
by Google Security Research
CVSS 5.5
EIP-2026-103745 EXPLOITDB text VERIFIED
Wireshark - iseries_parse_packet Heap Buffer Overflow
by Google Security Research
EIP-2026-103743 EXPLOITDB text VERIFIED
Wireshark - getRate Stack Out-of-Bounds Read
by Google Security Research
CVE-2015-8726 EXPLOITDB MEDIUM text VERIFIED
Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service via VeriWave File Parser
wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
by Google Security Research
CVSS 5.5
CVE-2015-8736 EXPLOITDB MEDIUM text VERIFIED
Wireshark 2.0.x - Denial of Service via MP2T File Parser Stack-Based Buffer Overflow
The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.
by Google Security Research
CVSS 5.5
CVE-2015-8732 EXPLOITDB MEDIUM text VERIFIED
Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service via ZigBee ZCL Dissector
The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
by Google Security Research
CVSS 5.5
EIP-2026-103740 EXPLOITDB text VERIFIED
Wireshark - dissect_tds7_colmetadata_token Stack Buffer Overflow
by Google Security Research
CVE-2015-8730 EXPLOITDB MEDIUM text VERIFIED
Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service in NBAP Dissector
epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.
by Google Security Research
CVSS 5.5
CVE-2015-8740 EXPLOITDB MEDIUM text VERIFIED
Wireshark 2.0.x < 2.0.1 - Denial of Service via TDS Dissector Column Count Overflow
The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
by Google Security Research
CVSS 5.3
CVE-2015-8731 EXPLOITDB MEDIUM text VERIFIED
Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service via RSL Dissector TLV Type Handling
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
by Google Security Research
CVSS 5.5
CVE-2015-8729 EXPLOITDB MEDIUM text VERIFIED
Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service in Ascend File Parser
The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
by Google Security Research
CVSS 5.5
CVE-2015-8723 EXPLOITDB MEDIUM text VERIFIED
Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service via AirPDcapPacketProcess Buffer Overflow
The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
by Google Security Research
CVSS 5.5
CVE-2015-8727 EXPLOITDB MEDIUM text VERIFIED
Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service via RSVP Dissector Use-After-Free
The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
by Google Security Research
CVSS 5.5
EIP-2026-102341 EXPLOITDB text VERIFIED
FireEye - Wormable Remote Code Execution in MIP JAR Analysis
by Tavis Ormandy & Natalie Silvanovich
EIP-2026-115418 EXPLOITDB python
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - Invalid Pointer Dereference
by Ptrace Security
By Source
All 50,076 Writeup 62,633 Exploitdb 50,076 Nomisec 22,505 Github 3,761 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 483 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,641 ruby 6,006 c 3,635 perl 2,849 html 2,076 php 1,335 bash 462 java 371 c++ 261 javascript 231 shell 140 go 75 postscript 25 typescript 25