Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2015-6834 EXPLOITDB CRITICAL text VERIFIED
PHP < 5.4.45 - Remote Code Execution via Unserialization Use-After-Free
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.
by Taoguang Chen
CVSS 9.8
EIP-2026-104664 EXPLOITDB text
PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free
by Taoguang Chen
CVE-2015-1538 EXPLOITDB python VERIFIED
Android < 5.1 - Remote Code Execution via MP4 Atom Integer Overflow
Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.
by Joshua J. Drake
EIP-2026-116961 EXPLOITDB c
Cisco Sourcefire User Agent 2.2 - Insecure File Permissions
by Glafkos Charalambous
CVE-2014-9208 EXPLOITDB text
Advantech WebAccess <8.0.1 - Buffer Overflow
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.
by Praveen Darshanam
EIP-2026-114360 EXPLOITDB text VERIFIED
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting
by Outlasted
EIP-2026-106459 EXPLOITDB text
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
by Ashiyane Digital Security Team
EIP-2026-100010 EXPLOITDB text VERIFIED
IBM AIX High Availability Cluster Multiprocessing (HACMP) - Local Privilege Escalation
by Kristian Erik Hermansen
EIP-2026-118049 EXPLOITDB perl VERIFIED
VeryPDF HTML Converter 2.0 - Local Buffer Overflow (SEH/ToLower() Bypass)
by Robbie Corley
CVE-2015-5082 EXPLOITDB ruby VERIFIED
Endian Firewall < 2.5.1 - Remote Command Execution via Password Change Parameters
Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.
by Metasploit
CVE-2015-6945 EXPLOITDB text
JSP/MySQL Administrador Web 1 - Cross-Site Scripting via bd Parameter
Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp.
by hyp3rlinx
EIP-2026-101876 EXPLOITDB text
Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
by Elliott Lewis
EIP-2026-119571 EXPLOITDB perl
ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)
by Robbie Corley
EIP-2026-116851 EXPLOITDB perl
AutoCAD DWG and DXF To PDF Converter 2.2 - Local Buffer Overflow
by Robbie Corley
CVE-2015-6965 EXPLOITDB html
Contact Form Generator < 2.0.1 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a form, (6) delete a form, (7) create a template, (8) update a template, (9) delete a template, or (10) conduct cross-site scripting (XSS) attacks via a crafted request to the cfg_forms page in wp-admin/admin.php.
by i0akiN SEC-LABORATORY
EIP-2026-107108 EXPLOITDB text VERIFIED
FireEye Appliance - Unauthorized File Disclosure
by Kristian Erik Hermansen
EIP-2026-106817 EXPLOITDB php
Elastix < 2.5 - PHP Code Injection
by i-Hmx
EIP-2026-104595 EXPLOITDB text VERIFIED
Disconnect.me Mac OSX Client 2.0 - Local Privilege Escalation
by Kristian Erik Hermansen
EIP-2026-102134 EXPLOITDB text
Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-101777 EXPLOITDB text
HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery
by Ken Smith
CVE-2015-5995 EXPLOITDB CRITICAL text VERIFIED
Mediabridge Medialink MWN-WAPR300N/Tenda N3 - Auth Bypass
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.
by Mandeep Jadon
CVSS 9.8
EIP-2026-116283 EXPLOITDB python
SphereFTP Server 2.0 - Crash (PoC)
by Meisam Monsef
EIP-2026-114526 EXPLOITDB ruby VERIFIED
YesWiki 0.2 - 'squelette' Directory Traversal
by HaHwul
EIP-2026-109318 EXPLOITDB text
Mantis Bug Tracker 1.2.19 - Host Header
by Pier-Luc Maltais
CVE-2015-6545 EXPLOITDB text
Cerb < 7.0.3 - Cross-Site Request Forgery via ajax.php saveWorkerPeek Action
Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
by High-Tech Bridge SA