Exploitdb Exploits
50,076 exploits tracked across all sources.
Pixie 1.0.4 - Authenticated Remote Code Execution via Double Extension File Upload
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.
by rungga_reksya
CVSS 9.8
Linux Kernel (PonyOS 4.0) - 'fluttershy' LD_LIBRARY_PATH Local Privilege Escalation
by Hacker Fantastic
BackBox Linux 4.6 - Denial of Service via Martian Source IP Packet Flood
BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default. NOTE: the vendor reports "It has been proved that this vulnerability has no foundation and it is totally fake and based on false assumptions.
by FarazPajohan
CVSS 7.5
Zyxel EMG2926 V1.00(AAQT.4)b8 - Command Injection
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.
by trevor Hough
CVSS 8.8
Splunk Enterprise <6.5.1 & Splunk Light <6.5.2 - Sensitive Info Exposure via Global Window Namespace
Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.
by hyp3rlinx
CVSS 3.5
Microsoft Xbox One 10.0.14393.2152 - Code Execution (PoC)
by unknownv2
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Kernel Race Condition
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
CVSS 7.0
DiskBoss < 8.9 - Buffer Overflow via Import Command XML Name Attribute
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
by Daniel Teixeira
CVSS 7.8
DiskBoss < 8.9 - Buffer Overflow via Import Command XML Name Attribute
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
by Daniel Teixeira
CVSS 7.8
Sync Breeze Enterprise 9.5.16 - 'GET' Remote Buffer Overflow (SEH)
by Daniel Teixeira
DiskBoss < 8.9 - Buffer Overflow via Import Command XML Name Attribute
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
by Daniel Teixeira
CVSS 7.8
Opensource Classified Ads Script - 'keyword' SQL Injection
by Ihsan Sencan
VX Search Enterprise 9.5.12 - 'Verify Email' Buffer Overflow
by ScrR1pTK1dd13
Honeywell Intermec Printers < 10.11.013310 - Local Privilege Escalation via BusyBox Jailbreak
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.
by Jean-Marie Bourbon
CVSS 8.8
MikroTik RouterOS 6.38.5 - Unauthenticated Denial of Service via TCP RST Packet Flood
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
by FarazPajohan
CVSS 7.5
Internet Information Services 6.0 - Remote Code Execution via WebDAV PROPFIND Request
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
by Zhiniang Peng & Chen Wu
CVSS 9.8
Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow
by Nassim Asrir
Professional Bus Booking Script - 'hid_Busid' SQL Injection
by Ihsan Sencan
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
by Tim Herres
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
by Tim Herres
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
by Tim Herres
By Source