Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2013-0230 EXPLOITDB python
miniupnpd 1.0 - Remote Code Execution via Long Quoted Method in SOAPAction Handler
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
by Onur Alanbel (BGA)
EIP-2026-103964 EXPLOITDB python VERIFIED
Legend Perl IRC Bot - Remote Code Execution
by Jay Turla
EIP-2026-103751 EXPLOITDB python VERIFIED
Wireshark 1.12.4 - Memory Corruption and Access Violation (PoC)
by Avinash Thapa
CVE-2011-5165 EXPLOITDB python VERIFIED
Free MP3 CD Ripper <= 2.6 - Stack-based Buffer Overflow via Crafted WAV File
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
by naxxo
EIP-2026-117815 EXPLOITDB perl VERIFIED
Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter)
by Tomislav Paskalev
CVE-2011-5165 EXPLOITDB perl VERIFIED
Free MP3 CD Ripper <= 2.6 - Stack-based Buffer Overflow via Crafted WAV File
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
by ThreatActor
EIP-2026-114141 EXPLOITDB text
WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)
by Felipe Molina
EIP-2026-114140 EXPLOITDB text
WordPress Plugin Ultimate Product Catalogue - SQL Injection (1)
by Felipe Molina
EIP-2026-113381 EXPLOITDB text VERIFIED
WebUI 1.5b6 - Remote Code Execution
by TUNISIAN CYBER
CVE-2015-3643 EXPLOITDB HIGH text
usb-creator <0.2.38.3ubuntu0.1 - Privilege Escalation
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call to check_polkit for the KVMTest method.
by Tavis Ormandy
CVSS 7.8
EIP-2026-101118 EXPLOITDB php
ZYXEL P-660HN-T1H_IPv6 - Remote Configuration Editor / Web Server Denial of Service
by Koorosh Ghorbani
EIP-2026-117627 EXPLOITDB perl VERIFIED
MooPlayer 1.3.0 - 'm3u' Local Buffer Overflow (SEH) (2)
by Tomislav Paskalev
EIP-2026-113453 EXPLOITDB php
Wolf CMS 0.8.2 - Arbitrary File Upload
by CWH Underground
EIP-2026-110242 EXPLOITDB php
Open-Letters - Remote PHP Code Injection
by TUNISIAN CYBER
CVE-2015-2844 EXPLOITDB text VERIFIED
GoAutoDial GoAdmin CE - Remote Code Execution via cpanel PATH_INFO Parameter
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.
by Chris McCurley
CVE-2015-2843 EXPLOITDB text VERIFIED
GoAutoDial GoAdmin CE - SQL Injection via User Credentials or PATH_INFO
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.
by Chris McCurley
CVE-2015-2842 EXPLOITDB text VERIFIED
GoAutoDial GoAdmin CE 3.x - Unauthenticated Arbitrary File Upload via Voice Files Upload
Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/.
by Chris McCurley
CVE-2014-0556 EXPLOITDB ruby VERIFIED
Adobe Flash Player < 13.0.0.244 and 14.x-15.x < 15.0.0.152 - Remote Code Execution via Heap-Based Buffer Overflow
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559.
by Metasploit
CVE-2015-3314 EXPLOITDB HIGH text
WordPress Tune Library <1.5.5 - SQL Injection
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
by Hannes Trunde
CVSS 8.1
EIP-2026-113924 EXPLOITDB text
WordPress Plugin NEX-Forms < 3.0 - SQL Injection
by Claudio Viviani
EIP-2026-113898 EXPLOITDB text
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (2)
by dadou dz
CVE-2015-3313 EXPLOITDB CRITICAL text
WordPress Community Events <1.4 - SQL Injection
SQL injection vulnerability in WordPress Community Events plugin before 1.4.
by Hannes Trunde
CVSS 9.8
EIP-2026-109387 EXPLOITDB perl
MediaSuite CMS - Arbitrary File Disclosure
by KnocKout inj3ct0r
CVE-2015-2845 EXPLOITDB text VERIFIED
GoAutoDial GoAdmin CE - OS Command Injection via cpanel PATH_INFO
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
by Chris McCurley
EIP-2026-104793 EXPLOITDB ruby VERIFIED
WordPress Plugin Work The Flow - Arbitrary File Upload (Metasploit)
by Metasploit