Exploitdb Exploits
50,076 exploits tracked across all sources.
ZTE ZXHN H108N R1A < ZTE.bhs.ZXHNH108NR1A.k_PE - Sensitive Info Exposure via cgi-bin/webproc
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
by Karn Ganeshen
CVSS 7.5
chkrootkit < 0.50 - Local Privilege Escalation via Trojan Horse Executable
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
by Metasploit
ZTE ZXHN H108N R1A and ZXV10 W300 - Authenticated Sensitive Information Exposure via Configuration File
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
by Karn Ganeshen
CVSS 6.5
ZTE Zxv10 W300 Firmware - Credentials Management
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.
by Karn Ganeshen
CVSS 8.8
Netwin SurgeFTP Sever 23d6 - Persistent Cross-Site Scripting
by Un_N0n
SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field Overflow (SEH)
by Luis Martínez
SuperScan 4.1 - Tools Hostname/IP/URL Field Buffer Overflow
by Luis Martínez
SuperScan 4.1 - Scan Hostname/IP Field Buffer Overflow
by Luis Martínez
Sam Spade 1.14 - Decode URL Buffer Overflow Crash (PoC)
by Vivek Mahajan
Horde Groupware < 5.2.11 - Cross-Site Request Forgery via Admin Shell Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
by High-Tech Bridge SA
Google Chrome < 45.0.2454.101 - Denial of Service
Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Google Security Research
F5 BIG-IP and BIG-IQ - Authenticated Privilege Escalation via iCall Script or Handler
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 11.3.0 before 11.6.0 HF6, BIG-IP PSM 11.3.0 through 11.4.1, Enterprise Manager 3.1.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote authenticated users with the "Resource Administrator" role to gain privileges via an iCall (1) script or (2) handler in a SOAP request to iControl/iControlPortal.cgi.
by Metasploit
IBM i Access 7.1 - Local Privilege Escalation via Buffer Overflow
Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.
by hyp3rlinx
CVSS 8.8
IBM i Access 7.1 - Denial of Service via Buffer Overflow
Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors.
by hyp3rlinx
CVSS 5.5
EIP-2026-114165
EXPLOITDB
WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload
by Panagiotis Vagenas
Idera Up.Time Monitoring Station <=7.2 - RCE
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.
by Metasploit
AlegroCart 1.2.8 - Authenticated Remote Code Execution via File Path Parameter
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2.
by Curesec Research Team
CVSS 7.2
AlegroCart 1.2.8 - Authenticated SQL Injection via Download Parameter
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php.
by Curesec Research Team
CVSS 7.2
TECO SG2 LAD Client 3.51 - '.gen' Overwrite Buffer Overflow (SEH)
by LiquidWorm
TECO JN5 L510-DriveLink 1.482 - '.lf5' Overwrite Buffer Overflow (SEH)
by LiquidWorm
TECO TP3-PCLINK 2.1 - '.tpc' Handling Buffer Overflow (PoC)
by LiquidWorm
TECO SG2 FBD Client 3.51 - '.gfb' Overwrite Buffer Overflow (SEH) (PoC)
by LiquidWorm
TECO AP-PCLINK 1.094 - '.tpc' File Handling Buffer Overflow (PoC)
by LiquidWorm
By Source