Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-5452 EXPLOITDB ruby VERIFIED
Watchguard XCS <10.0 - SQL Injection
SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3.
by Metasploit
CVE-2015-6000 EXPLOITDB HIGH text
vtiger CRM < 6.3.0 - Authenticated Unrestricted File Upload and Remote Code Execution via Company Logo Upload
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.
by Benjamin Daniel Mussler
CVSS 8.8
CVE-2016-6599 EXPLOITDB CRITICAL text
BMC Track-It! 11.4 - Info Disclosure
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments.
by Pedro Ribeiro
CVSS 9.8
CVE-2015-7601 EXPLOITDB python
PCMan's FTP Server <2.0.7 - Path Traversal
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
by Jay Turla
CVE-2015-7602 EXPLOITDB python
BisonWare BisonFTP <3.5 - Path Traversal
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
by Jay Turla
EIP-2026-115328 EXPLOITDB python
Git 1.9.5 - 'ssh-agent.exe' Buffer Overflow (PoC)
by hyp3rlinx
CVE-2015-5568 EXPLOITDB text
Adobe Flash Player <18.0.0.241-11.2.202.521, Adobe AIR <19.0.0.190 ...
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.
by Google Security Research
CVE-2015-3073 EXPLOITDB text
Adobe Reader/Acrobat <10.1.14, 11.x <11.0.11 - Auth Bypass
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, and CVE-2015-3074.
by Reigning Shells
CVE-2016-1713 EXPLOITDB HIGH text
vtiger CRM 6.4.0 - Authenticated Remote Code Execution via Company Logo Upload
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.
by Benjamin Daniel Mussler
CVSS 7.3
EIP-2026-105785 EXPLOITDB text
Centreon 2.6.1 - Multiple Vulnerabilities
by LiquidWorm
CVE-2015-7904 EXPLOITDB text
Infinite Automation Mango Automation <2.6.0 - RCE
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.
by LiquidWorm
EIP-2026-102281 EXPLOITDB text
Photos in Wifi 1.0.1 iOS - Arbitrary File Upload
by Vulnerability-Lab
EIP-2026-102261 EXPLOITDB text
My.WiFi USB Drive 1.0 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102187 EXPLOITDB text
Telegram 3.2 - Input Length Handling Crash (PoC)
by Mohammad Reza Espargham
CVE-2015-5453 EXPLOITDB ruby VERIFIED
Watchguard XCS <10.0 - Command Injection
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.
by Metasploit
EIP-2026-100688 EXPLOITDB ruby VERIFIED
Watchguard XCS - FixCorruptMail Privilege Escalation (Metasploit)
by Metasploit
CVE-2015-6589 EXPLOITDB HIGH ruby
Kaseya VSA <=9.1.0.8 Authenticated Path Traversal & Arbitrary File Write via json.ashx
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.
by Pedro Ribeiro
CVSS 8.8
EIP-2026-118133 EXPLOITDB python
WinRar 5.21 - SFX OLE Command Execution
by R-73eN
EIP-2026-115305 EXPLOITDB text
FreshFTP 5.52 - '.qfl' Crash (PoC)
by Un_N0n
CVE-2015-5075 EXPLOITDB text
X2Engine X2CRM < 5.0.9 - Cross-Site Request Forgery via User Creation
Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.
by Portcullis
CVE-2015-5074 EXPLOITDB text
X2Engine X2CRM < 5.0.8 - Authenticated Arbitrary File Upload via .pht Extension
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.
by Portcullis
CVE-2015-8038 EXPLOITDB text
FortiManager < 5.2.3 - Cross-Site Scripting via sharedjobmanager or SOMServiceObjDialog
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog.
by hyp3rlinx
CVE-2015-2512 EXPLOITDB text VERIFIED
Microsoft Windows - Local Privilege Escalation via Adobe Type Manager Library
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2507.
by Nils Sommer
CVE-2015-4148 EXPLOITDB python
Apple Mac OS X < 10.10.4 - Improper Input Validation
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.
by Filippo Roncari
CVE-2015-6009 EXPLOITDB text
Web Reference Database <0.9.6 - SQL Injection
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382.
by Mohab Ali