Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-118213 EXPLOITDB python
ZTE PC UI USB Modem Software - Local Buffer Overflow
by R-73eN
EIP-2026-117317 EXPLOITDB python VERIFIED
IKEView.exe R60 - '.elg' Local (SEH)
by cor3sm4sh3r
EIP-2026-117316 EXPLOITDB python VERIFIED
IKEView R60 - Local Buffer Overflow (SEH)
by VIKRAMADITYA
CVE-2015-6923 EXPLOITDB text
VBox Communications Satellite Express Protocol <2.3.17.3 - Privileg...
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.
by KoreLogic
EIP-2026-114625 EXPLOITDB text
ZeusCart 4.0 - SQL Injection
by Curesec Research Team
EIP-2026-114623 EXPLOITDB text
ZeusCart 4.0 - Cross-Site Request Forgery
by Curesec Research Team
CVE-2015-7766 EXPLOITDB ruby VERIFIED
ZOHO ManageEngine OpManager <11.6 - Auth Bypass
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
by Metasploit
CVE-2015-3864 EXPLOITDB python VERIFIED
Android < 5.1.1 - Remote Code Execution via Crafted MPEG-4 Data
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.
by Google Security Research
CVE-2015-2521 EXPLOITDB text VERIFIED
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer - Remote Code Execution
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
CVE-2015-2520 EXPLOITDB text VERIFIED
Microsoft Excel 2007/2010/2011/2016 & Office Compatibility Pack - Remote Code Execution
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
CVE-2015-2510 EXPLOITDB text VERIFIED
Microsoft Live Meeting Console - Remote Code Execution via Crafted OpenType Font
Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Graphics Component Buffer Overflow Vulnerability."
by Google Security Research
CVE-2015-2523 EXPLOITDB text VERIFIED
Microsoft Excel Remote Code Execution via Crafted Office Document
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
CVE-2015-6962 EXPLOITDB text
Farol - SQL Injection via Email Parameter
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php.
by Thierry Fernandes Faria
CVE-2015-2509 EXPLOITDB ruby VERIFIED
Windows Media Center - Remote Code Execution via Crafted MCL File
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability."
by Metasploit
EIP-2026-118020 EXPLOITDB text VERIFIED
Total Commander 8.52 - Overwrite Buffer Overflow (SEH)
by Un_N0n
CVE-2015-2525 EXPLOITDB text VERIFIED
Microsoft Windows 10 - Access Control
Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass intended filesystem restrictions and delete arbitrary files via unspecified vectors, aka "Windows Task File Deletion Elevation of Privilege Vulnerability."
by Google Security Research
CVE-2015-2508 EXPLOITDB text VERIFIED
Microsoft Windows 10 - Local Privilege Escalation via Adobe Type Manager Library
The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability."
by Google Security Research
CVE-2015-2527 EXPLOITDB text VERIFIED
Windows 8, 8.1, RT, RT 8.1, Server 2012, 10 - Privilege Escalation via Win32k Impersonation
The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
by Google Security Research
CVE-2015-2528 EXPLOITDB text VERIFIED
Microsoft Windows 8-10 and Server 2012 - Privilege Escalation via Impersonation Level Mismanagement
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2524.
by Google Security Research
CVE-2015-2524 EXPLOITDB text VERIFIED
Microsoft Windows 8-10, Server 2012-R2 Privilege Escalation via Impersonation
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2528.
by Google Security Research
CVE-2015-7235 EXPLOITDB text
CP Reservation Calendar < 1.1.6 - SQL Injection via dex_reservations.php Parameters
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI.
by i0akiN SEC-LABORATORY
EIP-2026-112045 EXPLOITDB text
Silver Peak VXOA < 6.2.11 - Multiple Vulnerabilities
by Security-Assessment.com
CVE-2015-7309 EXPLOITDB ruby VERIFIED
Bolt < 2.2.5 - Authenticated Remote Code Execution via Theme Editor File Rename
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
by Metasploit
EIP-2026-102519 EXPLOITDB text
Openfire 3.10.2 - Unrestricted Arbitrary File Upload
by hyp3rlinx
EIP-2026-102518 EXPLOITDB text
Openfire 3.10.2 - Remote File Inclusion
by hyp3rlinx