Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-104124 EXPLOITDB python VERIFIED
w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution
by Jay Turla
CVE-2010-1871 EXPLOITDB HIGH ruby VERIFIED
JBoss Enterprise Application Platform 4.3.0 - Remote Code Execution via JBoss Expression Language Injection
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
by Metasploit
CVSS 8.8
EIP-2026-114200 EXPLOITDB text
WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload
by Claudio Viviani
EIP-2026-112840 EXPLOITDB text
u-Auctions - Multiple Vulnerabilities
by *Don*
CVE-2014-5288 EXPLOITDB HIGH text
Kemp Load Master < 7.1.20b - Cross-Site Request Forgery in Administrative Pages
A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.
by Roberto Suggi Liverani
CVSS 8.8
CVE-2014-5287 EXPLOITDB HIGH text
Kemp LoadMaster < 7.1-16 - Bash Script Injection via Web User Interface
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).
by Roberto Suggi Liverani
CVSS 8.8
CVE-2015-2094 EXPLOITDB html
WebGate WinRDS - Stack-Based Buffer Overflow in WESPPlaybackCtrl
Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) PlaySiteAllChannel, (3) StopSiteAllChannel, or (4) SaveSiteImage function.
by Praveen Darshanam
CVE-2015-2097 EXPLOITDB html
WebGate Embedded Standard Protocol SDK - Buffer Overflows in LoadImage, LoadImageEx, ChangePassword, Connect, and AddID
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
by Praveen Darshanam
CVE-2015-2098 EXPLOITDB HIGH html VERIFIED
WebGate eDVR Manager - Remote Code Execution via Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control.
by Praveen Darshanam
CVSS 8.8
CVE-2015-2097 EXPLOITDB html VERIFIED
WebGate Embedded Standard Protocol SDK - Buffer Overflows in LoadImage, LoadImageEx, ChangePassword, Connect, and AddID
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
by Praveen Darshanam
CVE-2015-2098 EXPLOITDB HIGH html VERIFIED
WebGate eDVR Manager - Remote Code Execution via Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control.
by Praveen Darshanam
CVSS 8.8
EIP-2026-114214 EXPLOITDB text VERIFIED
WordPress Plugin WP Easy Slideshow 1.0.3 - Multiple Vulnerabilities
by Divya
EIP-2026-114176 EXPLOITDB text
WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload
by Larry W. Cashdollar
EIP-2026-114173 EXPLOITDB text
WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload
by Larry W. Cashdollar
EIP-2026-114168 EXPLOITDB text
WordPress Plugin Video Gallery 2.8 - Multiple Cross-Site Request Forgery Vulnerabilities
by Divya
CVE-2015-2825 EXPLOITDB text
Simple Ads Manager < 2.5.94 - Unauthenticated Arbitrary File Upload via sam-ajax-admin.php
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter.
by ITAS Team
CVE-2015-2824 EXPLOITDB text VERIFIED
Simple Ads Manager < 2.7.97 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php.
by ITAS Team
CVE-2015-2826 EXPLOITDB MEDIUM text
WordPress Simple Ads Manager 2.5.94 and 2.5.96 - Exposure of Sensitive Information
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
by ITAS Team
CVSS 5.3
EIP-2026-113615 EXPLOITDB text VERIFIED
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
EIP-2026-113614 EXPLOITDB text VERIFIED
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
EIP-2026-113613 EXPLOITDB text VERIFIED
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
EIP-2026-111201 EXPLOITDB text
phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection
by @u0x
EIP-2026-109640 EXPLOITDB text
Multiple WordPress UpThemes Themes - Arbitrary File Upload
by Divya
EIP-2026-108507 EXPLOITDB text VERIFIED
Joomla! Component com_rand - SQL Injection
by Jagriti Sahu
CVE-2014-7910 EXPLOITDB text
Google Chrome < 39.0.2171.65 - Denial of Service or Other Impact
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Roberto Suggi Liverani