Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-115492 EXPLOITDB python VERIFIED
Jildi FTP Client - Buffer Overflow (PoC)
by metacom
EIP-2026-113058 EXPLOITDB text VERIFIED
VFront 0.99.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
by hyp3rlinx
CVE-2015-2994 EXPLOITDB ruby VERIFIED
SysAid < 15.1 - Unauthenticated Arbitrary File Upload and Remote Code Execution via ChangePhoto.jsp
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.
by Metasploit
EIP-2026-101973 EXPLOITDB python
Seagate Central 2014.0410.0026-F - Remote Facebook Access Token
by Jeremy Brown
EIP-2026-101442 EXPLOITDB python
Seagate Central 2014.0410.0026-F - Remote Command Execution
by Jeremy Brown
EIP-2026-113862 EXPLOITDB text VERIFIED
WordPress Plugin LeagueManager 3.9.11 - SQL Injection
by javabudd
EIP-2026-102894 EXPLOITDB c
Linux Kernel (PonyOS 3.0) - TTY 'ioctl()' Local Privilege Escalation
by Hacker Fantastic
EIP-2026-119268 EXPLOITDB python VERIFIED
WebDrive 12.2 (Build #4172) - Remote Buffer Overflow
by metacom
EIP-2026-118668 EXPLOITDB python VERIFIED
IBM Security AppScan Standard 9.0.2 - OLE Automation Array Remote Code Execution
by Naser Farhadi
EIP-2026-113702 EXPLOITDB php VERIFIED
WordPress Plugin dzs-zoomsounds 2.0 - Arbitrary File Upload
by nabil chris
CVE-2014-8361 EXPLOITDB CRITICAL ruby VERIFIED
Realtek SDK - Remote Code Execution
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
by Metasploit
CVSS 9.8
EIP-2026-102895 EXPLOITDB c
Linux Kernel (PonyOS 3.0) - VFS Permissions Local Privilege Escalation
by Hacker Fantastic
EIP-2026-102893 EXPLOITDB text
Linux Kernel (PonyOS 3.0) - ELF Loader Local Privilege Escalation
by Hacker Fantastic
CVE-2015-1389 EXPLOITDB text
Aruba Networks ClearPass Policy Manager <6.4.5 - XSS
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
by Cristiano Maruti
CVE-2015-2051 EXPLOITDB HIGH ruby VERIFIED
D-Link DIR-645 Firmware < 1.05b01 - Remote Code Execution via HNAP GetDeviceSettings Action
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
by Metasploit
CVSS 8.8
CVE-2015-2797 EXPLOITDB ruby VERIFIED
AirTies Air Firmware < 1.0.2.0 - Remote Code Execution via Long Redirect Parameter
Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login.
by Metasploit
EIP-2026-116094 EXPLOITDB python VERIFIED
Private Shell SSH Client 3.3 - Crash (PoC)
by 3unnym00n
EIP-2026-112574 EXPLOITDB text
TCPDF Library 5.9 - Arbitrary File Deletion
by Filippo Roncari
EIP-2026-102490 EXPLOITDB text
JSPMyAdmin 1.1 - Multiple Vulnerabilities
by hyp3rlinx
EIP-2026-101718 EXPLOITDB ruby
ESC 8832 Data Controller - Multiple Vulnerabilities
by Balazs Makany
CVE-2005-1806 EXPLOITDB text
PeerCast < 0.1211 - Remote Code Execution via Format String in URL
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
by GulfTech Security
CVE-2015-4084 EXPLOITDB text
Free Counter 1.1 - Cross-Site Scripting via value_ Parameter
Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php.
by Panagiotis Vagenas
CVE-2014-8391 EXPLOITDB text VERIFIED
Sendio < 7.2.3 - Authenticated Session Information Exposure
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.
by Core Security
CVE-2015-4064 EXPLOITDB text VERIFIED
Landing Pages < 1.8.4 - Authenticated SQL Injection via post Parameter
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php.
by Adrián M. F.
CVE-2015-4062 EXPLOITDB text VERIFIED
NewStatPress < 0.9.8 - Authenticated SQL Injection via where1 Parameter
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
by Adrián M. F.