Exploitdb Exploits
2,012 exploits tracked across all sources.
Mail ON Update < 5.1.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix.
by Henri Salo
Belkin F5D8236-4 v2 - CSRF
Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters.
by Jacob Holcomb
TP-LINK WR1043N - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm.
by Jacob Holcomb
D-Link DIR865L <1.05b07 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password or (2) enable remote management via a request to hedwig.cgi, or (3) activate configuration changes via a request to pigwidgeon.cgi.
by Jacob Holcomb
FirePHP Firefox Plugin 0.7.1 - Remote Command Execution
by Wireghoul
Google Chrome <27.0.1453.93 - Use After Free
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
by Google Security Research
Mitsubishi MX Component 3 - Buffer Overflow
Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control.
by Dr_IDE
LiquidXML Studio 2012 - ActiveX Insecure Method Executable File Creation
by Dr_IDE
WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities
by m3tamantra
WordPress Plugin Occasions 1.0.4 - Cross-Site Request Forgery
by m3tamantra
WordPress Plugin Occasions - Cross-Site Request Forgery
by m3tamantra
Dell SonicWALL Scrutinizer - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
Novell GroupWise <8.0.3-2012 - RCE/DoS
The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.
by High-Tech Bridge
Microsoft Internet Explorer - Code Injection
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
by sickness
Samsung Kies < 2.5.0.12114_1 - Memory Corruption
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument.
by High-Tech Bridge
Bulbsecurity Smartphone Pentest Framework - OS Command Injection
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.
by High-Tech Bridge
CVSS 9.8
Open-Realty 2.5.8 - Cross-Site Request Forgery
by Aung Khant
Aladdin Knowledge System Ltd - 'PrivAgent.ocx' ChooseFilePath Buffer Overflow
by b33f
WHMCompleteSolution (WHMCS) 4.5.2 - 'googlecheckout.php' SQL Injection
by Starware Security Team
WordPress Plugin Wordfence Security - Cross-Site Scripting
by MustLive