Core Security

131 exploits Active since Mar 2003
CVE-2013-4982 EXPLOITDB CRITICAL text WORKING POC
AVTECH AVN801 DVR Firmware - Authentication Bypass via Captcha
AVTECH AVN801 DVR has a security bypass via the administration login captcha
CVSS 9.8
CVE-2014-8387 EXPLOITDB text WORKING POC
Advantech EKI-6340 2.05 - Authenticated OS Command Injection via pinghost Parameter
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.
CVE-2014-8612 EXPLOITDB text WRITEUP
FreeBSD - Local Privilege Escalation and Arbitrary Kernel Memory Read via SCTP Stream ID
Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option.
EIP-2026-100693 EXPLOITDB python WORKING POC
OpenBSD - ICMPv6 Fragment Remote Execution
CVE-2014-0997 EXPLOITDB HIGH text WORKING POC
Android < 5.0.1 - Denial of Service via Crafted 802.11 Probe Response Frame
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame.
CVSS 7.5
CVE-2010-3267 EXPLOITDB text WRITEUP
BugTracker.NET <3.4.5 - SQL Injection
Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information.