Exploitdb Exploits
50,076 exploits tracked across all sources.
Bellini/Supercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities
by James McLean
Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities
by Gergely Eberhardt
Drupal Module Coder < 7.x-1.3/7.x-2.6 - Remote Code Execution
by Raz0r
TFTP Server 1.4 - 'WRQ' Remote Buffer Overflow (Egghunter)
by Karn Ganeshen
TeamPass Passwords Management System 2.1.26 - Arbitrary File Download
by Hasan Emre Ozer
NetBSD <7.0 - Local Privilege Escalation
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
by akat1
CVSS 7.8
Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appName, vhost, uiAppType, and wowzaCloudDestinationType in multiple endpoints to execute arbitrary HTML and JavaScript in a user's browser session.
by LiquidWorm
CVSS 6.1
Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint
Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credentials.
by LiquidWorm
CVSS 5.3
Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit
Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser parameters set to 'true' and 'on' to gain administrative access.
by LiquidWorm
CVSS 8.8
Wowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exe
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssm_x64.exe binary in the manager and engine service directories with malicious executables to execute code with LocalSystem privileges when services restart.
by LiquidWorm
CVSS 7.8
Django <1.8.14, <1.9.x, <1.10rc1 - XSS
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
by Vulnerability-Lab
CVSS 6.1
WordPress Plugin Video Player 1.5.16 - SQL Injection
by David Vaartjes
Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit)
by Mehmet Ince
Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, 12.2.1.0 - Remote Code Execution via T3 Protocol Deserialization
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
by Nikhil Sreekumar
CVSS 9.8
OpenSSH < 7.2 - User Enumeration via Timing Attack on Password Hashing
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
by 0_o
CVSS 5.9
newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure
by Meisam Monsef
NewsP Free News Script 1.4.7 - User Credentials Disclosure
by Meisam Monsef
Axis Communications MPQT/PACS 5.20.x - Server-Side Include Daemon Remote Format String
by bashis
OpenSSH < 7.2 - User Enumeration via Timing Attack on Password Hashing
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
by Eddie Harari
CVSS 5.9
Meinberg IMS-LANTIME - Buffer Overflow
Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.
by b0yd
CVSS 7.3
Meinberg IMS-LANTIME - Privilege Escalation
The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account.
by b0yd
CVSS 8.1
Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure
by Damaster
Joomla! Component Guru Pro - 'Itemid' SQL Injection
by s0nk3y
Riverbed SteelCentral NetProfiler & NetExpress <10.8.7 - RCE
An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/common/1.0/login' endpoint can be exploited to create a new user account in the appliance database. This user can then trigger a command injection vulnerability in the '/index.php?page=licenses' endpoint to execute arbitrary commands. The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the 'mazu' user to execute arbitrary commands as root via SSH key extraction and command chaining. Successful exploitation allows full remote root access to the virtual appliance.
by Metasploit
Apache Archiva < 1.3.9 - Cross-Site Request Forgery via Token Parameter
Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new repositories via the token parameter to admin/addRepository_commit.action, (3) edit existing repositories via the token parameter to admin/editRepository_commit.action, (4) add legacy artifact paths via the token parameter to admin/addLegacyArtifactPath_commit.action, (5) change the organizational appearance via the token parameter to admin/saveAppearance.action, or (6) upload new artifacts via the token parameter to upload_submit.action.
by Julien Ahrens
CVSS 8.8
By Source