Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-109450 EXPLOITDB text
Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution
by LiquidWorm
EIP-2026-107268 EXPLOITDB text
Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure
by Dustin Dörr
EIP-2026-104642 EXPLOITDB python
OSSEC WUI 0.8 - Denial of Service
by Milad Saber
EIP-2026-103350 EXPLOITDB assembly
Linux Kernel (x86) - Memory Sinkhole Privilege Escalation
by Christopher Domas
CVE-2015-5477 EXPLOITDB python
ISC BIND 9.x <9.9.7-P2, 9.10.x <9.10.2-P3 - DoS
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
by elceef
CVE-2015-3290 EXPLOITDB c
Linux kernel <4.1.6 - Privilege Escalation
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
by Andrew Lutomirski
CVE-2015-5477 EXPLOITDB c VERIFIED
ISC BIND 9.x <9.9.7-P2, 9.10.x <9.10.2-P3 - DoS
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
by Errata Security
EIP-2026-116377 EXPLOITDB python VERIFIED
T-Mobile Internet Manager - Contact Name Crash (PoC)
by SATHISH ARTHAR
EIP-2026-115522 EXPLOITDB perl VERIFIED
KMPlayer 3.9.x - '.srt' Crash (PoC)
by Peyman Motevalli Manesh
EIP-2026-114854 EXPLOITDB python VERIFIED
Acunetix Web Vulnerability Scanner 9.5 - Crash (PoC)
by Hadi Zomorodi Monavar
EIP-2026-101869 EXPLOITDB python
Netgear ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure
by St0rn
CVE-2025-34124 EXPLOITDB HIGH c VERIFIED
Heroes of Might and Magic III - Buffer Overflow
A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buffer overflow, potentially allowing arbitrary code execution. Exploitation requires the victim to open a malicious map file within the game.
by John AAkerblom
EIP-2026-112595 EXPLOITDB text VERIFIED
Tendoo CMS 1.3 - Cross-Site Scripting
by Arash Khazaei
EIP-2026-111045 EXPLOITDB text
phpFileManager 0.9.8 - Cross-Site Request Forgery
by hyp3rlinx
EIP-2026-108919 EXPLOITDB text VERIFIED
JoomShopping - Blind SQL Injection
by Mormoroth
EIP-2026-104827 EXPLOITDB text VERIFIED
2Moons - Multiple Vulnerabilities
by bRpsd
EIP-2026-115061 EXPLOITDB python
Classic FTP 2.36 - CWD Reconnection Denial of Service
by St0rn
EIP-2026-111046 EXPLOITDB text VERIFIED
phpFileManager 0.9.8 - Remote Command Execution
by hyp3rlinx
CVE-2015-5602 EXPLOITDB text VERIFIED
Sudo <1.8.15 - Privilege Escalation
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
by daniel svartman
CVE-2015-4668 EXPLOITDB MEDIUM text
Xceedium Xsuite - Open Redirect via redirurl Parameter
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
by modzero
CVSS 6.1
CVE-2015-4667 EXPLOITDB CRITICAL text
Xceedium Xsuite 2.x - Use of Hard-coded Credentials
Multiple hardcoded credentials in Xsuite 2.x.
by modzero
CVSS 9.8
CVE-2015-4666 EXPLOITDB text
Xceedium Xsuite - Directory Traversal via opm/read_sessionlog.php logFile Parameter
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
by modzero
CVE-2015-4665 EXPLOITDB text
Xceedium Xsuite <= 2.4.4.1 - Cross-Site Scripting via ajax_cmd.php fileName Parameter
Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.
by modzero
CVE-2015-4664 EXPLOITDB CRITICAL text
CA Privileged Access Manager < 2.4.4.4 - Remote Command Execution
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
by modzero
CVSS 9.8
EIP-2026-117182 EXPLOITDB python VERIFIED
Foxit Reader - '.png' Conversion Parsing tEXt Chunk Arbitrary Code Execution
by Sascha Schirra