Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-0273 EXPLOITDB text
PHP < 5.4.38, 5.5.x < 5.5.22, 5.6.x < 5.6.6 - Use-After-Free via Crafted Serialized DateTime Data
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.
by Taoguang Chen
CVE-2015-0555 EXPLOITDB html
Samsung iPOLiS Device Manager 1.12.2 - Remote Code Execution via ReadConfigValue or WriteConfigValue Function
Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.
by Praveen Darshanam
EIP-2026-119683 EXPLOITDB text
Pentaho < 4.5.0 - User Console XML Injection
by K.d Long
CVE-2015-1517 EXPLOITDB text
Piwigo < 2.7.3 - Authenticated SQL Injection via Filter Level Parameter
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
by Sven Schleier
EIP-2026-111293 EXPLOITDB text
Piwigo 2.7.3 - Multiple Vulnerabilities
by Steffen Rösemann
EIP-2026-104736 EXPLOITDB text
jQuery - jui_filter_rules PHP Code Execution
by Timo Schmid
EIP-2026-104214 EXPLOITDB text
CrushFTP 7.2.0 - Multiple Vulnerabilities
by Rehan Ahmed
CVE-2014-0980 EXPLOITDB python VERIFIED
Publish-It PUI Buffer Overflow (SEH)
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
by Andrew Smith
CVE-2014-9262 EXPLOITDB HIGH text
Wordpress <0.5.10 - Authenticated RCE
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.
by Kacper Szurek
CVSS 8.2
EIP-2026-101640 EXPLOITDB bash
D-Link DSL-2640B ADSL Router - 'ddnsmngr' Remote DNS Change
by Todor Donev
CVE-2025-34128 EXPLOITDB HIGH ruby VERIFIED
X360 VideoPlayer <2.6 - Buffer Overflow
A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.
by Metasploit
EIP-2026-107532 EXPLOITDB html
Guppy CMS 5.0.9/5.00.10 - Authentication Bypass/Change Email
by Brandon Murphy
EIP-2026-107531 EXPLOITDB html
GuppY CMS 5.0.9 < 5.00.10 - Multiple Cross-Site Request Forgery Vulnerabilities
by Brandon Murphy
CVE-2015-2342 EXPLOITDB ruby VERIFIED
VMware vCenter Server 5.0-5.5 and 6.0 - Remote Code Execution via JMX RMI MBean Registration
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
by Metasploit
CVE-2015-2070 EXPLOITDB text
eTouch SamePage Enterprise Edition 4.4.0.0.239 - SQL Injection via catId Parameter
SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.
by Brandon Perry
CVE-2015-2199 EXPLOITDB text
WonderPlugin Audio Player < 2.0 - Authenticated SQL Injection via item[id] Parameter
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
by Kacper Szurek
CVE-2015-2218 EXPLOITDB text
WonderPlugin Audio Player < 2.0 - Cross-Site Scripting via item[name] or item[customcss] Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
by Kacper Szurek
CVE-2015-1494 EXPLOITDB text VERIFIED
FancyBox for WordPress <3.0.3 - XSS
The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfw[padding] parameter and exploited in the wild in February 2015.
by NULLpOint7r
CVE-2015-2071 EXPLOITDB text
eTouch SamePage Enterprise Edition 4.4.0.0.239 - Authenticated Path Traversal via filepath Parameter
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.
by Brandon Perry
CVE-2013-4730 EXPLOITDB python
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by R-73eN
EIP-2026-117837 EXPLOITDB text
Realtek 11n Wireless LAN utility - Local Privilege Escalation
by Humberto Cabrera
CVE-2015-2196 EXPLOITDB php VERIFIED
Spider Event Calendar 1.4.9 - SQL Injection via cat_id Parameter
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.
by Mateusz Lach
CVE-2015-2065 EXPLOITDB text
Apptha WordPress Video Gallery < 2.7 - SQL Injection via vid Parameter
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.
by Claudio Viviani
CVE-2014-8690 EXPLOITDB text
Exponent CMS < 2.1.4, 2.2.x < 2.2.3, 2.3.x < 2.3.1 - Cross-Site Scripting via PATH_INFO or User Profile Fields
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) "First Name" or (4) "Last Name" field to users/edituser.
by Mayuresh Dani
CVE-2025-34127 EXPLOITDB CRITICAL ruby VERIFIED
Achat Chat Server 0.150 - Stack-based Buffer Overflow via UDP Port 9256
A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.
by Metasploit