Exploitdb Exploits
2,731 exploits tracked across all sources.
Supermicro Onboard IPMI CGI Vulnerability Scanner
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.
by Metasploit
Symantec Altiris Deployment Solution - SQL Injection
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.
by Metasploit
VideoSpirit Pro 1.90 - Local Buffer Overflow (SEH)
by metacom
VideoSpirit Lite 1.77 - Local Buffer Overflow (SEH)
by metacom
Provj 5.1.5.8 - 'm3u' Buffer Overflow (PoC)
by Necmettin COSKUN
Hanso Converter 2.4.0 - 'ogg' Buffer Overflow (Denial of Service)
by Necmettin COSKUN
VICIDIAL dialer <2.8-403a, 2.7, 2.7RC1 - Command Injection
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.
by Metasploit
Vicidial < 2.7 - SQL Injection
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information.
by Metasploit
VICIDIAL dialer <2.8-403a, 2.7, 2.7RC1 - Info Disclosure
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.
by Metasploit
HansoTools Hanso Player <2.5.0 - Buffer Overflow
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.
by Necmettin COSKUN
ProcessMaker Open Source 2.x - Code Injection
A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPage_Ajax.php, and cases_SchedulerGetPlugins.php, by supplying crafted POST requests to parameters such as action and params. These endpoints fail to validate user input and directly invoke PHP functions like system() with user-supplied parameters, enabling remote code execution. The vulnerability affects both Linux and Windows installations and is present in default configurations of versions including 2.0.23 through 2.5.1. The vulnerable skin cannot be removed through the web interface, and exploitation requires only valid user credentials.
by Metasploit
Vtiger Crm - Unrestricted File Upload
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
by Metasploit
CVSS 8.8
Nas4free < 9.1.0.1.804 - Code Injection
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.
by Metasploit
ISPConfig 3.0.5.2 - Code Injection
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
by Metasploit
CVSS 8.8
Zabbix - Injection
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
by Metasploit
CVSS 8.8
Openmediavault - Access Control
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
by Metasploit
CVSS 8.8
Moodle SpellChecker Path Authenticated Remote Command Execution
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.
by Metasploit
iTop 1.1.181-1.2.0-RC-282 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by Metasploit
WebTester 5.x - Command Injection
An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell commands without sanitization. A remote unauthenticated attacker can exploit this flaw by sending a crafted HTTP POST request, resulting in arbitrary command execution on the underlying system with web server privileges.
by Metasploit
D-Link DIR-605L Wireless N300 Cloud Router <1.13 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.
by Metasploit
CVSS 9.8
7-Technologies IGSS <9.00.00.11059 - Path Traversal
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397.
by Metasploit
HP iMC/BIMS - RCE
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
by Metasploit
Microsoft Internet Explorer - Use After Free
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."
by Metasploit
CVSS 8.8
By Source