Exploitdb Exploits
2,689 exploits tracked across all sources.
Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020004 Buffer Overflow (Metasploit)
by Metasploit
Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020002 Buffer Overflow (Metasploit)
by Metasploit
PHP Volunteer Management System v1.0.2 - Code Injection
PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessible and lacks execution controls, attackers can upload a malicious PHP payload and execute it remotely. The application ships with default credentials, making exploitation trivial. Once authenticated, the attacker can upload a PHP shell and trigger it via a direct GET request.
by Metasploit
mplayer2 - Stack-based Buffer Overflow in SAMI Subtitle Parser
Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file.
by Metasploit
Lattice Semiconductor ispVM System v18.0.2 - Buffer Overflow
Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specially crafted file to overwrite memory on the stack. This can result in arbitrary code execution under the context of the user who opens the file. The vulnerability is triggered locally by opening a malicious .xcf file and does not require elevated privileges.
by Metasploit
Symantec Web Gateway < 5.0.3 - Remote Code Execution via Management GUI Script Access
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
by Metasploit
WeBid < 1.0.2 - Unauthenticated Remote Code Execution via Converter.php to Parameter
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application.
by Metasploit
QuickShare File Server 1.2.1 - Path Traversal
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.
by Metasploit
RabidHamster R4 v1.25 - Buffer Overflow
RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process.
by Metasploit
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.
by Metasploit
appRain CMF <= 0.1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
by Metasploit
Apple iOS 5.1.1 Safari Browser - 'JS match()' / 'search()' Crash (PoC)
by Alberto Ortega
FlexNet License Server Manager - lmgrd Buffer Overflow (Metasploit)
by Metasploit
HP SAN/iQ < 9.5 - Authenticated OS Command Injection via Ping Parameter
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
by Metasploit
Foxit Reader <3.0 Build 1506 - Buffer Overflow
Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.
by Metasploit
MediaChance Real-DRAW PRO 5.2.4 - DoS
MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file.
by Ahmed Elhady Mohamed
DVD-Lab Studio 1.25 - '.DAL' File Open Crash
by Ahmed Elhady Mohamed
HP SAN/iQ < 9.5 - Unauthenticated Remote Access via Hardcoded Password
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
by Metasploit
Oracle WebLogic Server <10.3 - Buffer Overflow
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
by Metasploit
activeCollab Chat Module < 1.5.2 - Authenticated Remote Code Execution via Message Text Parameter
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
by Metasploit
Squiggle 1.7 - SVG Browser Java Code Execution (Metasploit)
by Metasploit
MultiMedia Builder 4.9.8 - '.mef' Denial of Service
by Ahmed Elhady Mohamed
Mozilla Firefox <4.10 - Use After Free
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
by Metasploit
Distinct TFTP 3.01 - Writable Directory Traversal Execution (Metasploit)
by Metasploit
WikkaWiki 1.3.1 and 1.3.2 - Arbitrary PHP Code Execution via File Upload with Multiple Extensions
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
by Metasploit
By Source