Exploitdb Exploits
2,689 exploits tracked across all sources.
MS13-096 Microsoft Tagged Image File Format (TIFF) Integer Overflow
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
by Metasploit
CVSS 7.8
ABB MicroSCADA - 'wserver.exe' Remote Code Execution (Metasploit)
by Metasploit
DCNM-SAN Server <6.2(1) - Path Traversal
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
by Metasploit
Microsoft Silverlight <5.1.20125.0 - RCE
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
by Metasploit
CVSS 7.8
Microsoft Windows - Remote Code Execution via InformationCardSigninHelper ActiveX Control
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."
by Metasploit
CVSS 8.8
Apache Roller < 5.0.2 - Remote Code Execution via OGNL Injection in getText Methods
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
by Metasploit
ManageEngine Desktop Central 7.0-9.0 - Path Traversal & Arbitrary File Write via AgentLogUploader
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
by Metasploit
CVSS 9.8
NETGEAR ReadyNAS <4.1.12 & <4.2.24 - Code Injection
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."
by Metasploit
Supermicro Onboard IPMI CGI Vulnerability Scanner
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.
by Metasploit
Symantec Altiris Deployment Solution 6.8.x-6.9.x - SQL Injection via Notification Packet String Fields
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.
by Metasploit
VideoSpirit Pro 1.90 - Local Buffer Overflow (SEH)
by metacom
VideoSpirit Lite 1.77 - Local Buffer Overflow (SEH)
by metacom
Provj 5.1.5.8 - 'm3u' Buffer Overflow (PoC)
by Necmettin COSKUN
Hanso Converter 2.4.0 - 'ogg' Buffer Overflow (Denial of Service)
by Necmettin COSKUN
VICIDIAL dialer <2.8-403a, 2.7, 2.7RC1 - Command Injection
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.
by Metasploit
VICIDIAL < 2.7 - SQL Injection via Campaign Variable in SCRIPT_multirecording_AJAX.php
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information.
by Metasploit
VICIDIAL dialer <2.8-403a, 2.7, 2.7RC1 - Info Disclosure
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.
by Metasploit
HansoTools Hanso Player <2.5.0 - Buffer Overflow
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.
by Necmettin COSKUN
ProcessMaker Open Source 2.x - Code Injection
A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPage_Ajax.php, and cases_SchedulerGetPlugins.php, by supplying crafted POST requests to parameters such as action and params. These endpoints fail to validate user input and directly invoke PHP functions like system() with user-supplied parameters, enabling remote code execution. The vulnerability affects both Linux and Windows installations and is present in default configurations of versions including 2.0.23 through 2.5.1. The vulnerable skin cannot be removed through the web interface, and exploitation requires only valid user credentials.
by Metasploit
vtiger CRM 5.3 and 5.4 - Unrestricted Upload of File with Dangerous Type
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
by Metasploit
CVSS 8.8
NAS4Free <= 9.1.0.1.804 - Authenticated Remote Code Execution via Advanced Execute Command Feature
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.
by Metasploit
ISPConfig 3.0.5.2 - Arbitrary PHP Code Execution
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
by Metasploit
CVSS 8.8
Zabbix 2.0.9 - Remote Command Execution
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
by Metasploit
CVSS 8.8
openmediavault - Authenticated Remote Code Execution via Cron Service Username Parameter
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
by Metasploit
CVSS 8.8
Moodle SpellChecker Path Authenticated Remote Command Execution
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.
by Metasploit
By Source