Exploitdb Exploits

50,121 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-4889 EXPLOITDB
ManageEngine Firewall Analyzer 7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
CVE-2013-4975 EXPLOITDB HIGH
Hikvision DS-2CD7153-E - Privilege Escalation
Hikvision DS-2CD7153-E IP Camera has Privilege Escalation
CVSS 8.8
CVE-2013-4976 EXPLOITDB CRITICAL
Hikvision DS-2CD7153-E - Auth Bypass
Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials
CVSS 9.8
CVE-2013-7247 EXPLOITDB
Franklin Fueling Systems TS-550 evo <2.4.0 - Info Disclosure
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST.
CVE-2014-8868 EXPLOITDB
EntryPass N5200 - Info Disclosure
EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive information, via a request to /4.
CVE-2013-4096 EXPLOITDB
DS3 Authentication Server - Improper Input Validation
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field.
CVE-2013-4097 EXPLOITDB
DS3 Authentication Server - Path Traversal
ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message.
CVE-2013-3612 EXPLOITDB
Dahuasecurity Dvr0404hd-a - Credentials Management
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.
CVE-2013-3613 EXPLOITDB
Dahuasecurity Dvr0404hd-a - Authentication Bypass
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.
CVE-2013-3614 EXPLOITDB
Dahuasecurity Dvr0404hd-a - Access Control
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2013-3615 EXPLOITDB
Dahuasecurity Dvr0404hd-a - Credentials Management
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.
CVE-2013-1600 EXPLOITDB MEDIUM
Dlink Dcs-2102 Firmware - Authentication Bypass
An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR. 1.06, and 1.05_RU, which could let a malicious user obtain sensitive information.
CVSS 5.3
CVE-2013-1601 EXPLOITDB MEDIUM
Dlink Dcs-3411 Firmware - Information Disclosure
An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03, which could let a malicious user obtain sensitive information. which could let a malicious user obtain sensitive information.
CVSS 5.3
CVE-2013-1602 EXPLOITDB HIGH
Dlink Dcs-3411 Firmware - Information Disclosure
An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams.
CVSS 7.5
CVE-2013-7052 EXPLOITDB CRITICAL
Dlink Dir-100 Firmware - Insufficiently Protected Credentials
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script
CVSS 9.8
CVE-2013-7053 EXPLOITDB HIGH
Dlink Dir-100 Firmware - CSRF
D-Link DIR-100 4.03B07: cli.cgi CSRF
CVSS 8.8
CVE-2013-7054 EXPLOITDB MEDIUM
Dlink Dir-100 Firmware - XSS
D-Link DIR-100 4.03B07: cli.cgi XSS
CVSS 6.1
CVE-2013-2679 EXPLOITDB MEDIUM
Cisco Linksys E4200 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
CVSS 6.1
CVE-2013-2680 EXPLOITDB HIGH
Cisco Linksys E4200 <1.0.05 - Info Disclosure
Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information.
CVSS 7.5
CVE-2013-2681 EXPLOITDB CRITICAL
Cisco Linksys E4200 <1.0.05 Build 7 - Auth Bypass
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access.
CVSS 9.8
CVE-2013-2682 EXPLOITDB MEDIUM
Cisco Linksys E4200 <1.0.05 Build 7 - Info Disclosure
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.
CVSS 4.3
CVE-2013-2683 EXPLOITDB MEDIUM
Cisco Linksys E4200 <1.0.05 - Info Disclosure
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.
CVSS 5.3
CVE-2014-8423 EXPLOITDB ruby
Arris Vap2500 Firmware < 08.41 - Injection
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.
CVE-2014-8424 EXPLOITDB ruby
Arris Vap2500 Firmware < 08.41 - Authentication Bypass
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.
CVE-2013-3540 EXPLOITDB
Ovislink Airlive Od-2025hd - CSRF
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
By Source
All 50,121 Exploitdb 50,121 Writeup 46,717 Nomisec 21,135 Metasploit 3,189 Github 2,247 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,737 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 260 c++ 247 shell 68 go 41 postscript 25 xml 24