Exploitdb Exploits

2,689 exploits tracked across all sources.

CVE-2014-8741 EXPLOITDB CRITICAL ruby VERIFIED
Lexmark MarkVision Enterprise <2.1 - Path Traversal
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.
by Metasploit
CVSS 9.8
CVE-2010-4279 EXPLOITDB ruby VERIFIED
Pandora FMS < 3.1 - Unauthenticated Authentication Bypass via Empty loginhash_pwd
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.
by Metasploit
CVE-2012-0262 EXPLOITDB ruby VERIFIED
op5config/welcome <2.0.3 - Command Injection
op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
by Metasploit
CVE-2014-125114 EXPLOITDB HIGH ruby VERIFIED
i-Ftp 2.20 - Stack-based Buffer Overflow via Schedule.xml Time Attribute
A stack-based buffer overflow vulnerability exists in i-Ftp version 2.20 due to improper handling of the Time attribute within Schedule.xml. By placing a specially crafted Schedule.xml file in the i-Ftp application directory, a remote attacker can trigger a buffer overflow during scheduled download parsing, potentially leading to arbitrary code execution or a crash.
by Metasploit
CVE-2014-9567 EXPLOITDB ruby VERIFIED
ProjectSend r100-r561 - Unauthenticated Arbitrary File Upload and Remote Code Execution via process-upload.php
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
by Metasploit
EIP-2026-109217 EXPLOITDB ruby
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)
by Patrick Webster
CVE-2009-2936 EXPLOITDB ruby
Varnish < 2.1.0 - Unauthenticated Remote Code Execution via CLI vcl.inline Directive
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless."
by Patrick Webster
CVE-2014-6395 EXPLOITDB ruby
Ettercap < 0.8.0 - Heap-Based Buffer Overflow via PostgreSQL Password Length
Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password.
by Nick Sampanis
CVE-2013-0758 EXPLOITDB ruby VERIFIED
Mozilla Firefox < 18.0 - Remote Code Execution via SVG and Plugin Interaction
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
by Metasploit
CVE-2014-4936 EXPLOITDB ruby VERIFIED
Malwarebytes Anti-Malware <2.0.3 & MBAE <1.04.1.1012 - RCE
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.
by Metasploit
CVE-2014-5470 EXPLOITDB CRITICAL ruby VERIFIED
Actual Analyzer <2014-08-29 - Code Injection
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation.
by Metasploit
CVSS 9.8
CVE-2014-8791 EXPLOITDB ruby VERIFIED
Tuleap < 7.7 - Authenticated PHP Object Injection via Project Registration Data Parameter
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
by Metasploit
CVE-2014-8386 EXPLOITDB ruby
Advantech AdamView < 4.3 - Remote Code Execution via Crafted GNI File Parameters
Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file.
by Muhamad Fadzil Ramli
CVE-2014-4404 EXPLOITDB HIGH ruby VERIFIED
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
by Metasploit
CVSS 7.8
CVE-2013-1428 EXPLOITDB ruby VERIFIED
tinc < 1.0.21 and 1.1 < 1.1pre7 - Authenticated Stack-Based Buffer Overflow via Large TCP Packet
Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.
by Metasploit
CVE-2014-125115 EXPLOITDB CRITICAL ruby VERIFIED
Pandora FMS <5.0 SP2 - SQL Injection
An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter, allowing attackers to extract administrator credentials or active session tokens via crafted requests. This occurs because input is directly concatenated into an SQL query without adequate validation, enabling SQL injection. After authentication is bypassed, a second vulnerability in the File Manager component permits arbitrary PHP file uploads. The file upload functionality does not enforce MIME-type or file extension restrictions, allowing authenticated users to upload web shells into a publicly accessible directory and achieve remote code execution.
by Metasploit
CVE-2014-9448 EXPLOITDB ruby
Mini-stream RM-MP3 Converter <3.1.2.1.2010.03.30 - Buffer Overflow
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.
by Muhamad Fadzil Ramli
EIP-2026-100786 EXPLOITDB ruby
Device42 WAN Emulator 2.3 - Traceroute Command Injection (Metasploit)
by Brandon Perry
EIP-2026-100785 EXPLOITDB ruby
Device42 WAN Emulator 2.3 - Ping Command Injection (Metasploit)
by Brandon Perry
CVE-2014-8425 EXPLOITDB ruby
ARRIS VAP2500 Firmware < 08.41 - Unauthenticated Exposure of Sensitive Information via Configuration Files
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.
by HeadlessZeke
CVE-2014-4880 EXPLOITDB ruby VERIFIED
Hikvision DVR DS-7204 Firmware 2.2.10 build 131009 - Remote Code Execution via RTSP PLAY Authorization Header
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header.
by Metasploit
CVE-2014-7146 EXPLOITDB ruby VERIFIED
MantisBT - Remote Code Execution via XmlImportExport Plugin Preg Replace
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
by Metasploit
CVE-2014-8598 EXPLOITDB ruby VERIFIED
MantisBT < 1.2.17 - Unauthenticated Arbitrary File Upload and Information Disclosure via XML Import/Export Plugin
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.
by Metasploit
EIP-2026-100069 EXPLOITDB ruby VERIFIED
Samsung Galaxy KNOX Android Browser - Remote Code Execution (Metasploit)
by Metasploit
CVE-2014-6352 EXPLOITDB HIGH ruby VERIFIED
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
by Metasploit
CVSS 7.8