Text Exploits
31,394 exploits tracked across all sources.
Ubiquiti AirVision Firmware < 1.1.6 - Remote Code Execution via RTSP DESCRIBE Request
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request.
by Core Security
WordPress Plugin WP-SendSms 1.0 - Multiple Vulnerabilities
by expl0i13r
Network Weathermap < 0.97c - Path Traversal via Mapname Parameter
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.
by Anthony Dubuissez
Simple PHP Agenda < 2.2.9 - Authenticated SQL Injection via edit_event.php eventid Parameter
SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.
by Anthony Dubuissez
mkCMS - 'index.php' Arbitrary PHP Code Execution
by CWH Underground
Buffalo WZR-HP-G300NH2 - Cross-Site Request Forgery
by Prayas Kulshrestha
ScriptCase - 'scelta_categoria.php' SQL Injection
by Hossein Hezami
Lokboard - 'index_4.php' PHP Code Injection
by CWH Underground
HP Insight Diagnostics 9.4.0.4710 - Remote File Inclusion via path Parameter
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.
by Markus Wulftange
HP Insight Diagnostics 9.4.0.4710 - Path Traversal and Arbitrary File Write via devicePath Parameter
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
by Markus Wulftange
Resin Application Server 4.0.36 - Source Code Disclosure
by LiquidWorm
MobileIron Virtual Smartphone Platform - Privilege Escalation
by prdelka
WordPress Theme Ambience - 'src' Cross-Site Scripting
by Darksnipper
Ruubikcms 1.1.1 - Persistent Cross-Site Scripting
by expl0i13r
PHP Ticket System Beta 1 - Cross-Site Request Forgery
by Pablo Ribeiro
Caucho Resin - 'index.php?logout' Cross-Site Scripting
by Gjoko Krstic
Caucho Resin - '/resin-admin/' URI Cross-Site Scripting
by Gjoko Krstic
AfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery
by Pablo Ribeiro
Linux kernel <3.9.4 - Privilege Escalation
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
by Kees Cook
ASUS RT-AC68U and T-Mobile TM-AC1900 - Authenticated OS Command Injection via Network Analysis Target Field
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
by drone
NETGEAR DGN1000 < 1.1.00.48 - Unauthenticated OS Command Injection via setup.cgi
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.
by Roberto Paleari
CVSS 9.8
By Source