Exploitdb Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109999 EXPLOITDB text
NUUO NVRmini 2 3.0.8 - Local File Disclosure
by LiquidWorm
EIP-2026-109996 EXPLOITDB text
NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access
by LiquidWorm
EIP-2026-100868 EXPLOITDB text
NUUO NVRmini 2 3.0.8 - Remote Command Injection (Shellshock)
by LiquidWorm
CVE-2016-5679 EXPLOITDB HIGH text
NUUO NVRmini <3.0.0 - Command Injection
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
by Pedro Ribeiro
CVSS 8.8
CVE-2016-5677 EXPLOITDB HIGH text
NUUO NVRmini <3.0.0 - Info Disclosure
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
by Pedro Ribeiro
CVSS 7.5
CVE-2016-5676 EXPLOITDB HIGH text
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 & NUUO NVRmini2/NVRsolo 1.7.5-2.x - Unauthenticated Admin Password Reset
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
by Pedro Ribeiro
CVSS 7.5
CVE-2016-5675 EXPLOITDB CRITICAL text
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 - Remote Code Execution via NTPServer Parameter
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
by Pedro Ribeiro
CVSS 9.8
CVE-2016-5674 EXPLOITDB CRITICAL text
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 & NUUO NVRmini2/NVRsolo 1.7.5-3.0.0 - RCE via __debugging_center_utils___.php
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
by Pedro Ribeiro
CVSS 9.8
CVE-2016-5678 EXPLOITDB CRITICAL text
NUUO NVRmini 2 & NVRsolo <3.0.0 - Info Disclosure
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
by Pedro Ribeiro
CVSS 9.8
EIP-2026-113663 EXPLOITDB text
WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting
by Julien Rentrop
EIP-2026-112466 EXPLOITDB text
Subrion CMS 4.0.5 - SQL Injection
by Vulnerability-Lab
EIP-2026-110740 EXPLOITDB text
PHP Power Browse 1.2 - Directory Traversal
by Manuel Mancera
EIP-2026-103178 EXPLOITDB text
ntop/nbox 2.3 < 2.5 - Multiple Vulnerabilities
by Javier Marcos
EIP-2026-101855 EXPLOITDB text
NASdeluxe NDL-2400r 2.01.09 - OS Command Injection
by SySS GmbH
CVE-2016-5680 EXPLOITDB HIGH text
NUUO NVRmini <3.0.0 - Buffer Overflow
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
by Pedro Ribeiro
CVSS 8.8
EIP-2026-100783 EXPLOITDB text
Davolink DV-2051 - Multiple Vulnerabilities
by Eric Flokstra
CVE-2016-6503 EXPLOITDB MEDIUM text VERIFIED
Wireshark 2.x < 2.0.5 - Denial of Service via CORBA IDL Dissector
The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
by Igor
CVSS 5.9
CVE-2016-6512 EXPLOITDB MEDIUM text VERIFIED
Wireshark 2.x < 2.0.5 - Denial of Service via Crafted Packet in MMSE/WAP/WBXML/WSP Dissectors
epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.
by Antti Levomäki
CVSS 5.9
EIP-2026-103750 EXPLOITDB text VERIFIED
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - WSP Dissector Denial of Service
by Chris Benedict
EIP-2026-103749 EXPLOITDB text VERIFIED
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - RLC Dissector Denial of Service
by Antti Levomäki
CVE-2016-6505 EXPLOITDB MEDIUM text VERIFIED
Wireshark 1.12.x < 1.12.13 and 2.x < 2.0.5 - Denial of Service via PacketBB Dissector
epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
by Chris Benedict
CVSS 5.9
CVE-2016-6504 EXPLOITDB MEDIUM text VERIFIED
Wireshark 1.12.x < 1.12.13 - Denial of Service via NCP2222 Dissector NULL Pointer Dereference
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
by Chris Benedict
CVSS 5.9
EIP-2026-110239 EXPLOITDB text
Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)
by Vinesh Redkar
EIP-2026-114220 EXPLOITDB text VERIFIED
WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting
by Dennis Kerdijk & Erwin Kievith
EIP-2026-113598 EXPLOITDB text
WordPress Plugin Booking Calendar 6.2 - SQL Injection
by Edwin Molenaar