Exploitdb Exploits
2,731 exploits tracked across all sources.
freeFTPd 1.0.10 - 'PASS' Remote Buffer Overflow (SEH) (Metasploit)
by Muhamad Fadzil Ramli
Oracle MySQL <5.5.28 - Privilege Escalation
Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation
by Metasploit
Woltlab Burning Board FLVideo Addon - 'video.php?value' SQL Injection
by Easy Laster
Microsoft Internet Explorer <10 - Code Injection
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
by Metasploit
HP LoadRunner <11.52 - RCE
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
by Metasploit
Mozilla Firefox <18 - Use After Free
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.
by Metasploit
HP LoadRunner <11.52 - RCE
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.
by Metasploit
Mac OS X Sudo Password Bypass
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
by Metasploit
Vmware Workstation - Access Control
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.
by Metasploit
Oracle Endeca Server - Info Disclosure
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764.
by Metasploit
Redhat Openstack < 1.2.0 - Access Control
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
by Metasploit
Graphite <0.9.10 - RCE
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
by Metasploit
Schneider Electric PLC ETY Series Ethernet Controller - Denial of Service
by Arash Abedian
Cogent DataHub - HTTP Server Buffer Overflow (Metasploit)
by Metasploit
Java storeImageArray() Invalid Array Indexing Vulnerability
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
by Metasploit
CVSS 9.8
MiniWeb HTTP Server <= Build 300 - File Upload
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32, followed by a .mof file in the WMI directory. This triggers execution of the payload with SYSTEM privileges via the Windows Management Instrumentation service. The exploit is only viable on Windows versions prior to Vista.
by Metasploit
Ultra Mini HTTPD 1.21 - Buffer Overflow
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
by Metasploit
Intrasrv 1.0 - Remote Buffer Overflow (Metasploit)
by Metasploit
Jpchacha Chasys Draw Ies < 4.10.01 - Memory Corruption
Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a BMP file.
by Metasploit
Joomla! <2.5.14, <3.1.5 - Auth Bypass
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.
by Metasploit
Open-ftpd < 1.2 - Authentication Bypass
Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.
by Metasploit
HP LeftHand Virtual SAN Appliance <10.0 - RCE
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510.
by Metasploit
D-Link DIR-300 rev B & DIR-600 <2.13/2.14b01 - Command Injection
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.
by Metasploit
CVSS 9.8
Openx - Code Injection
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code
by Metasploit
CVSS 9.8
By Source