Exploitdb Exploits
50,076 exploits tracked across all sources.
Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution
by LiquidWorm
Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure
by Dustin Dörr
Linux Kernel (x86) - Memory Sinkhole Privilege Escalation
by Christopher Domas
ISC BIND 9.x <9.9.7-P2, 9.10.x <9.10.2-P3 - DoS
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
by elceef
Linux kernel <4.1.6 - Privilege Escalation
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
by Andrew Lutomirski
ISC BIND 9.x <9.9.7-P2, 9.10.x <9.10.2-P3 - DoS
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
by Errata Security
T-Mobile Internet Manager - Contact Name Crash (PoC)
by SATHISH ARTHAR
KMPlayer 3.9.x - '.srt' Crash (PoC)
by Peyman Motevalli Manesh
Acunetix Web Vulnerability Scanner 9.5 - Crash (PoC)
by Hadi Zomorodi Monavar
Netgear ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure
by St0rn
Heroes of Might and Magic III - Buffer Overflow
A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buffer overflow, potentially allowing arbitrary code execution. Exploitation requires the victim to open a malicious map file within the game.
by John AAkerblom
phpFileManager 0.9.8 - Remote Command Execution
by hyp3rlinx
Sudo <1.8.15 - Privilege Escalation
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
by daniel svartman
Xceedium Xsuite - Open Redirect via redirurl Parameter
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
by modzero
CVSS 6.1
Xceedium Xsuite 2.x - Use of Hard-coded Credentials
Multiple hardcoded credentials in Xsuite 2.x.
by modzero
CVSS 9.8
Xceedium Xsuite - Directory Traversal via opm/read_sessionlog.php logFile Parameter
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
by modzero
Xceedium Xsuite <= 2.4.4.1 - Cross-Site Scripting via ajax_cmd.php fileName Parameter
Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.
by modzero
CA Privileged Access Manager < 2.4.4.4 - Remote Command Execution
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
by modzero
CVSS 9.8
Foxit Reader - '.png' Conversion Parsing tEXt Chunk Arbitrary Code Execution
by Sascha Schirra