Exploitdb Exploits
31,392 exploits tracked across all sources.
NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access
by LiquidWorm
NUUO NVRmini 2 3.0.8 - Remote Command Injection (Shellshock)
by LiquidWorm
NUUO NVRmini <3.0.0 - Command Injection
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
by Pedro Ribeiro
CVSS 8.8
NUUO NVRmini <3.0.0 - Info Disclosure
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
by Pedro Ribeiro
CVSS 7.5
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 & NUUO NVRmini2/NVRsolo 1.7.5-2.x - Unauthenticated Admin Password Reset
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
by Pedro Ribeiro
CVSS 7.5
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 - Remote Code Execution via NTPServer Parameter
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
by Pedro Ribeiro
CVSS 9.8
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 & NUUO NVRmini2/NVRsolo 1.7.5-3.0.0 - RCE via __debugging_center_utils___.php
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
by Pedro Ribeiro
CVSS 9.8
NUUO NVRmini 2 & NVRsolo <3.0.0 - Info Disclosure
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
by Pedro Ribeiro
CVSS 9.8
WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting
by Julien Rentrop
NUUO NVRmini <3.0.0 - Buffer Overflow
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
by Pedro Ribeiro
CVSS 8.8
Wireshark 2.x < 2.0.5 - Denial of Service via CORBA IDL Dissector
The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
by Igor
CVSS 5.9
Wireshark 2.x < 2.0.5 - Denial of Service via Crafted Packet in MMSE/WAP/WBXML/WSP Dissectors
epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.
by Antti Levomäki
CVSS 5.9
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - WSP Dissector Denial of Service
by Chris Benedict
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - RLC Dissector Denial of Service
by Antti Levomäki
Wireshark 1.12.x < 1.12.13 and 2.x < 2.0.5 - Denial of Service via PacketBB Dissector
epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
by Chris Benedict
CVSS 5.9
Wireshark 1.12.x < 1.12.13 - Denial of Service via NCP2222 Dissector NULL Pointer Dereference
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
by Chris Benedict
CVSS 5.9
Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)
by Vinesh Redkar
WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting
by Dennis Kerdijk & Erwin Kievith
WordPress Plugin Booking Calendar 6.2 - SQL Injection
by Edwin Molenaar
By Source