Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102532 EXPLOITDB text
Resin Application Server 4.0.36 - Source Code Disclosure
by LiquidWorm
EIP-2026-101366 EXPLOITDB text
MobileIron Virtual Smartphone Platform - Privilege Escalation
by prdelka
CVE-2003-0001 EXPLOITDB python
FreeBSD - Information Exposure via Ethernet NIC Frame Padding
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
by prdelka
EIP-2026-114303 EXPLOITDB text VERIFIED
WordPress Theme Ambience - 'src' Cross-Site Scripting
by Darksnipper
EIP-2026-109349 EXPLOITDB text VERIFIED
Max Forum - Multiple Vulnerabilities
by CWH Underground
CVE-2013-1081 EXPLOITDB ruby VERIFIED
Novell ZENworks Mobile Management <2.7.0 - Path Traversal
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.
by Metasploit
CVE-2013-1311 EXPLOITDB ruby VERIFIED
Microsoft Internet Explorer 8 - Use After Free
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
by Scott Bell
CVE-2008-1610 EXPLOITDB python VERIFIED
TallSoft Quick TFTP Server Pro 2.1 - Buffer Overflow
Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request.
by npn
EIP-2026-111847 EXPLOITDB text VERIFIED
Ruubikcms 1.1.1 - Persistent Cross-Site Scripting
by expl0i13r
EIP-2026-110770 EXPLOITDB text VERIFIED
PHP Ticket System Beta 1 - Cross-Site Request Forgery
by Pablo Ribeiro
EIP-2026-105762 EXPLOITDB text VERIFIED
Caucho Resin - 'index.php?logout' Cross-Site Scripting
by Gjoko Krstic
EIP-2026-105761 EXPLOITDB text VERIFIED
Caucho Resin - '/resin-admin/' URI Cross-Site Scripting
by Gjoko Krstic
EIP-2026-105020 EXPLOITDB text VERIFIED
AfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery
by Pablo Ribeiro
CVE-2013-2852 EXPLOITDB text VERIFIED
Linux kernel <3.9.4 - Privilege Escalation
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
by Kees Cook
CVE-2013-5948 EXPLOITDB text
ASUS RT-AC68U and T-Mobile TM-AC1900 - Authenticated OS Command Injection via Network Analysis Target Field
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
by drone
CVE-2024-12847 EXPLOITDB CRITICAL text
NETGEAR DGN1000 < 1.1.00.48 - Unauthenticated OS Command Injection via setup.cgi
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.
by Roberto Paleari
CVSS 9.8
CVE-2013-1559 EXPLOITDB ruby VERIFIED
Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 - Authenticated Denial of Service in Content Server
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors related to Content Server.
by Metasploit
EIP-2026-116057 EXPLOITDB python VERIFIED
PEStudio 3.69 - Denial of Service
by Debasish Mandal
EIP-2026-111846 EXPLOITDB text VERIFIED
Ruubikcms 1.1.1 - 'tinybrowser.php?folder' Directory Traversal
by expl0i13r
EIP-2026-106277 EXPLOITDB text VERIFIED
Cuppa CMS - '/alertConfigField.php' Local/Remote File Inclusion
by CWH Underground
CVE-2013-4878 EXPLOITDB text VERIFIED
Parallels Plesk Panel <9.0.x, 9.2.x - RCE
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.
by kingcope
CVE-2013-0984 EXPLOITDB text VERIFIED
Mac OS X <= 10.6.8 - Remote Code Execution in Directory Service
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
by Core Security
CVE-2013-2134 EXPLOITDB text VERIFIED
Apache Struts 2.0.0-2.3.14.2 - Remote Code Execution via OGNL Expression in Action Name
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
by Jon Passki
CVE-2013-2115 EXPLOITDB HIGH ruby VERIFIED
Apache Struts 2.0.0-2.3.14.1 - Remote Code Execution via OGNL Injection in URL/A Tag
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
by Metasploit
CVSS 8.1
CVE-2013-0230 EXPLOITDB ruby VERIFIED
miniupnpd 1.0 - Remote Code Execution via Long Quoted Method in SOAPAction Handler
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
by Metasploit