Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-101509 EXPLOITDB text
8 TOTOLINK Router Models - Backdoor Access / Remote Code Execution
by Pierre Kim
EIP-2026-101508 EXPLOITDB text
4 TOTOLINK Router Models - Cross-Site Request Forgery / Cross-Site Scripting
by Pierre Kim
EIP-2026-101507 EXPLOITDB text
4 TOTOLINK Router Models - Backdoor Credentials
by Pierre Kim
CVE-2015-2863 EXPLOITDB text
Kaseya Virtual System Administrator 7.x < 7.0.0.29, 8.x < 8.0.0.18, 9.0 < 9.0.0.14, 9.1 < 9.1.0.4 - Open Redirect
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
by Pedro Ribeiro
EIP-2026-108333 EXPLOITDB text
Joomla! Component com_docman - Multiple Vulnerabilities
by Hugo Santiago
CVE-2015-4425 EXPLOITDB text
pimcore < build 3473 - Authenticated Path Traversal and Arbitrary File Write via Admin Asset Compatibility Endpoint
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
by Portcullis
EIP-2026-118680 EXPLOITDB php
Impero Education Pro - System Remote Command Execution
by slipstream
EIP-2026-116655 EXPLOITDB python
ZOC Terminal Emulator 7 - Quick Connection Crash (PoC)
by SATHISH ARTHAR
EIP-2026-115443 EXPLOITDB python VERIFIED
Internet Download Manager - Find Download Crash (PoC)
by Mohammad Reza Espargham
EIP-2026-115442 EXPLOITDB python VERIFIED
Internet Download Manager - '.ief' Crash (PoC)
by Mohammad Reza Espargham
CVE-2015-6516 EXPLOITDB text
sysPass < 1.0.9 - Authenticated SQL Injection via Search Parameter
SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php.
by SySS GmbH
CVE-2005-2095 EXPLOITDB text
SquirrelMail <= 1.4.4 - Remote Code Execution via Extract Function
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write arbitrary files.
by GulfTech Security
CVE-2015-5529 EXPLOITDB text
Free Reprintables ArticleFR 3.0.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to dashboard/settings/links/, or (4) url parameter to dashboard/tools/pingservers/.
by LiquidWorm
CVE-2014-8676 EXPLOITDB MEDIUM text
soplanning < 1.32 - Path Traversal via URL Path Parameter
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
by Huy-Ngoc DAU
CVSS 5.3
CVE-2014-8675 EXPLOITDB HIGH text
soplanning < 1.32 - Exposure of Sensitive Information via ICAL Calendar Link
Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash.
by Huy-Ngoc DAU
CVSS 7.5
CVE-2014-8674 EXPLOITDB MEDIUM text
soplanning < 1.33 - Cross-Site Scripting via nb_mois, mb_ligness, and export.php Debug Parameter
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.
by Huy-Ngoc DAU
CVSS 5.4
CVE-2014-8673 EXPLOITDB CRITICAL text
SOPPlanning <1.33 - SQL Injection
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning) before 1.33.
by Huy-Ngoc DAU
CVSS 9.8
CVE-2015-5122 EXPLOITDB CRITICAL ruby VERIFIED
Adobe Flash opaqueBackground Use After Free
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
by Metasploit
CVSS 9.8
EIP-2026-115317 EXPLOITDB python VERIFIED
Full Player 8.2.1 - Memory Corruption (PoC)
by SATHISH ARTHAR
CVE-2015-5595 EXPLOITDB MEDIUM text
zenphoto < 1.4.9 - Cross-Site Request Forgery in admin.php
Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption).
by Tim Coen
CVSS 6.5
CVE-2015-5471 EXPLOITDB MEDIUM text VERIFIED
Swim Team plugin <1.44.10777 - Path Traversal
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
by Larry W. Cashdollar
CVSS 5.3
EIP-2026-113665 EXPLOITDB text
WordPress Plugin CP Contact Form with Paypal 1.1.5 - Multiple Vulnerabilities
by Nitin Venkatesh
CVE-2014-8677 EXPLOITDB MEDIUM text
soplanning < 1.32 - Authenticated Remote Code Execution via Crafted Database Name
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name.
by Huy-Ngoc DAU
CVSS 5.3
EIP-2026-111229 EXPLOITDB text
phpVibe - Arbitrary File Disclosure
by ali ahmady
EIP-2026-111211 EXPLOITDB text
phpSQLiteCMS - Multiple Vulnerabilities
by hyp3rlinx