Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2015-1701 EXPLOITDB HIGH text VERIFIED
Microsoft Win32k - Privilege Escalation
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
by hfiref0x
CVSS 7.8
CVE-2015-1674 EXPLOITDB c
Microsoft Windows < - Privilege Escalation
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability."
by 4B5F5F4B
CVE-2008-5753 EXPLOITDB python
BulletProof FTP Client <2.63 - Buffer Overflow
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
by Gabor Seljan
EIP-2026-107191 EXPLOITDB text
Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities
by Filippo Roncari
CVE-2015-3337 EXPLOITDB python
Elasticsearch <1.4.5, <1.5.2 - Path Traversal
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
by pandujar
EIP-2026-105838 EXPLOITDB text VERIFIED
Chronosite 5.12 - SQL Injection
by Wadeek
EIP-2026-104387 EXPLOITDB text
OYO File Manager 1.1 (iOS / Android) - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2015-3456 EXPLOITDB c
QEMU < 2.3.0 - Memory Corruption via Floppy Disk Controller Commands
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
by Marcus Meissner
EIP-2026-102707 EXPLOITDB c VERIFIED
OpenLitespeed 1.3.9 - Use-After-Free (Denial of Service)
by Denis Andzakovic
EIP-2026-102319 EXPLOITDB text
Wireless Photo Transfer 3.0 iOS - Local File Inclusion
by Vulnerability-Lab
CVE-2005-1642 EXPLOITDB text
Woltlab Burning Board 2.x and earlier - SQL Injection via Email Verification
SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.
by GulfTech Security
EIP-2026-115426 EXPLOITDB python VERIFIED
iFTP 2.21 - Buffer Overflow Crash (PoC)
by dogo h@ck
EIP-2026-113599 EXPLOITDB text
WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities
by i0akiN SEC-LABORATORY
EIP-2026-111017 EXPLOITDB text VERIFIED
PHPCollab 2.5 - 'deletetopics.php' SQL Injection
by Wadeek
EIP-2026-114805 EXPLOITDB ruby VERIFIED
SixApart MovableType - Storable Perl Code Execution (Metasploit)
by Metasploit
EIP-2026-118663 EXPLOITDB python VERIFIED
i.FTP 2.21 - Time Field (SEH)
by Revin Hadi Saputra
EIP-2026-118058 EXPLOITDB python
VideoCharge Vanilla 3.16.4.06 - Local Buffer Overflow
by evil_comrade
EIP-2026-118055 EXPLOITDB python
VideoCharge Professional + Express Vanilla 3.18.4.04 - Local Buffer Overflow
by evil_comrade
EIP-2026-118054 EXPLOITDB python
VideoCharge Express 3.16.3.04 - Local Buffer Overflow
by evil_comrade
EIP-2026-113917 EXPLOITDB bash VERIFIED
WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (2)
by Claudio Viviani & F17.c0de
EIP-2026-113445 EXPLOITDB text
Wing FTP Server Admin 4.4.5 - Cross-Site Request Forgery (Add User)
by hyp3rlinx
EIP-2026-112402 EXPLOITDB text
SQLBuddy 1.3.3 - Directory Traversal
by hyp3rlinx
EIP-2026-111354 EXPLOITDB text VERIFIED
Pluck CMS 4.7 - Directory Traversal
by Wadeek
EIP-2026-106788 EXPLOITDB text
eFront 3.6.15 - PHP Object Injection
by Filippo Roncari
EIP-2026-106787 EXPLOITDB text
eFront 3.6.15 - Multiple SQL Injections
by Filippo Roncari