Exploitdb Exploits
50,076 exploits tracked across all sources.
Wolf CMS < 0.8.3.1 - Authenticated Arbitrary File Upload and PHP Code Execution via File Manager
Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.
by Narendra Bhati
CVSS 8.8
FHFS - FTP/HTTP File Server 2.1.2 Remote Command Execution
by Naser Farhadi
Invision Power Board 4.x < 4.0.12.1 - Authenticated Cross-Site Scripting via Event Location Address Parameter
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.
by snop
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
by Trustwave's SpiderLabs
CVSS 7.5
Linux kernel <2.6.33 & QEMU <2.3.1 - Use After Free
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
by Google Security Research
Magento CE/EE 1.9.1.0-1.14.1.0 - SQL Injection
SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set.
by Manish Tanwar
VideoLAN VLC Media Player 2.2.1 - m3u8/m3u Crash (PoC)
by Naser Farhadi
Linux Kernel < 3.4.34 - Local Privilege Escalation via Netlink Message Family Value
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
by Vitaly Nikolenko
Microsoft Word 2007 SP3 - Remote Code Execution via Crafted Office Document
Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "OneTableDocumentStream Remote Code Execution Vulnerability."
by Google Security Research
Microsoft Office and Web Applications - Remote Code Execution via Crafted Office Document
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability."
by Google Security Research
vBulletin <4.2.2 PL5 & <4.2.3 PL1 - SQL Injection
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016.
by Manish Tanwar
CVSS 9.8
Firefox PDF.js Privileged Javascript Injection
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.
by Metasploit
Easy File Sharing Web Server 6.9 - USERID Remote Buffer Overflow
by Tracy Turben
Easy Address Book Web Server 1.6 - USERID Remote Buffer Overflow
by Tracy Turben
By Source