Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105472 EXPLOITDB text
BigTree CMS 4.2.3 - (Authenticated) SQL Injection
by Curesec Research Team
EIP-2026-104580 EXPLOITDB text
Apple Mac OSX 10.10.5 - 'XNU' Local Privilege Escalation
by kpwn
CVE-2014-8008 EXPLOITDB text
Cisco Unified Communications Manager - Authenticated Absolute Path Traversal via RTMT API
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.
by Bernhard Mueller
CVE-2014-6332 EXPLOITDB HIGH php VERIFIED
Microsoft Windows - Remote Code Execution via SafeArrayDimen Function
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
by Mohammad Reza Espargham
CVSS 8.8
CVE-2016-3088 EXPLOITDB CRITICAL text VERIFIED
ActiveMQ web shell upload
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
by David Jorm
CVSS 9.8
EIP-2026-117441 EXPLOITDB python
MASM321 11 Quick Editor '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)
by St0rn
EIP-2026-116615 EXPLOITDB python
XMPlay 3.8.1.12 - '.pls' Local Crash (PoC)
by St0rn
EIP-2026-109995 EXPLOITDB php
Nuts CMS - PHP Remote Code Injection / Execution
by Yakir Wizman
EIP-2026-101969 EXPLOITDB bash
Sagemcom F@ST 3864 V2 - Get Admin Password
by Cade Bull
EIP-2026-117495 EXPLOITDB python
Microsoft HTML Help Compiler 4.74.8702.0 - Local Overflow (SEH)
by St0rn
EIP-2026-114828 EXPLOITDB python
Ability FTP Server 2.1.4 - Admin Panel 'AUTHCODE' Remote Denial of Service
by St0rn
EIP-2026-114827 EXPLOITDB python
Ability FTP Server 2.1.4 - 'afsmain.exe' 'USER' Remote Denial of Service
by St0rn
EIP-2026-108443 EXPLOITDB text
Joomla! Component com_memorix - SQL Injection
by Omar
EIP-2026-108378 EXPLOITDB text
Joomla! Component com_informations - SQL Injection
by Omar
EIP-2026-107418 EXPLOITDB text
Gkplugins Picasaweb - Download File
by TMT zno
CVE-2015-4495 EXPLOITDB HIGH javascript
Firefox < 39.0.3 - Same Origin Policy Bypass via PDF Reader Native Setter
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
by Tantaryu MING
CVSS 8.8
EIP-2026-102698 EXPLOITDB text
NetKit FTP Client (Ubuntu 14.04) - Crash/Denial of Service (PoC)
by TUNISIAN CYBER
EIP-2026-102052 EXPLOITDB text
TOTOLINK Routers - Backdoor / Remote Code Execution
by MadMouse
EIP-2026-101976 EXPLOITDB text
Security IP Camera Star Vision DVR - Authentication Bypass
by Meisam Monsef
CVE-2015-2370 EXPLOITDB text
Windows RPC - Local Privilege Escalation via DCE/RPC Connection Reflection
The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability."
by monoxgas
CVE-2015-5161 EXPLOITDB text
Zend Framework < 1.12.14, 2.x < 2.4.6, 2.5.x < 2.5.2 - XML External Entity Injection via Multibyte Encoded Characters
The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.
by Dawid Golunski
EIP-2026-104295 EXPLOITDB text
Joomla! Component com_jem 2.1.4 - Multiple Vulnerabilities
by Martino Sani
CVE-2015-1265 EXPLOITDB python
Google Chrome <43.0.2357.65 - DoS
Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Paulos Yibelo
CVE-2025-34106 EXPLOITDB HIGH ruby VERIFIED
PDF Shaper 3.5-3.6 - Buffer Overflow via Convert to Image Feature
A buffer overflow vulnerability exists in PDF Shaper versions 3.5 and 3.6 when converting a crafted PDF file to an image using the 'Convert PDF to Image' functionality. An attacker can exploit this vulnerability by tricking a user into opening a maliciously crafted PDF file, leading to arbitrary code execution under the context of the user. This vulnerability has been verified on Windows XP, 7, 8, and 10 platforms using the PDFTools.exe component.
by metacom
CVE-2014-4076 EXPLOITDB c
Microsoft Windows Server 2003 SP2 - Privilege Escalation
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."
by Tomislav Paskalev