Exploitdb Exploits
31,337 exploits tracked across all sources.
ZTE Zxhn H108n R1a Firmware - Access Control
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action.
by Karn Ganeshen
CVSS 4.9
ZTE Zxhn H108n R1a Firmware - Information Disclosure
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
by Karn Ganeshen
CVSS 7.5
ZTE Zxhn H108n R1a Firmware - Information Disclosure
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
by Karn Ganeshen
CVSS 6.5
ZTE Zxv10 W300 Firmware - Credentials Management
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.
by Karn Ganeshen
CVSS 8.8
Netwin SurgeFTP Sever 23d6 - Persistent Cross-Site Scripting
by Un_N0n
Horde <5.2.8-5.2.11 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
by High-Tech Bridge SA
Google Chrome < 45.0.2454.101 - Denial of Service
Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Google Security Research
IBM I Access - Memory Corruption
Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.
by hyp3rlinx
CVSS 8.8
IBM i Access 7.1 - DoS
Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors.
by hyp3rlinx
CVSS 5.5
Alegrocart - Code Injection
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2.
by Curesec Research Team
CVSS 7.2
Alegrocart - SQL Injection
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php.
by Curesec Research Team
CVSS 7.2
TECO TP3-PCLINK 2.1 - '.tpc' Handling Buffer Overflow (PoC)
by LiquidWorm
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) (PoC)
by LiquidWorm
TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow (PoC)
by LiquidWorm
Microsoft Windows 10 - Improper Input Validation
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6103.
by Google Security Research
Microsoft Windows 10 - Improper Input Validation
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6104.
by Google Security Research
Kaspersky AntiVirus - Certificate Handling Directory Traversal
by Google Security Research
Kaspersky AntiVirus - '.ZIP' File Format Use-After-Free
by Google Security Research
Kaspersky AntiVirus - '.DEX' File Format Memory Corruption
by Google Security Research
VideoLAN VLC Media Player Web Interface 2.2.1 - Metadata Title Cross-Site Scripting
by Andrea Sindoni
D-Link DIR-816L <2.06.B09_BETA - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.
by Bhadresh Patel
D-Link DIR-890L/R - Multiple Buffer Overflow Vulnerabilities
by Samuel Huntley
By Source