Exploitdb Exploits
50,076 exploits tracked across all sources.
Xceedium Xsuite 2.x - Unauthenticated SQL Injection via Default MySQL Root Account
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
by modzero
CVSS 7.8
WordPress Plugin Unite Gallery Lite 1.4.6 - Multiple Vulnerabilities
by Nitin Venkatesh
WordPress Count Per Day <3.4.1 - SQL Injection
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
CVSS 7.2
Hawkeye-G 3.0.1.4912 - Persistent Cross-Site Scripting / Information Leakage
by hyp3rlinx
libuser <0.56.13-8 & 0.60 <0.60-7 - DoS
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
by Qualys Corporation
Hexis HawkEye G 3.0.1.4912 - Cross-Site Request Forgery via Multiple Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist.
by hyp3rlinx
CVSS 8.8
Counter-Strike 1.6 - 'GameInfo' Query Reflection Denial of Service (PoC)
by Todor Donev
Apple Mac OSX 10.10 - 'DYLD_PRINT_TO_FILE' Local Privilege Escalation
by Stefan Esser
Helpdesk Pro < 1.3.0 - Path Traversal via Ticket Download Attachment Filename Parameter
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
by Simon Rawet
CVSS 7.5
Helpdesk Pro < 1.3.0 - SQL Injection via Ticket Code or Email Parameter
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.
by Simon Rawet
CVSS 9.8
Helpdesk Pro < 1.3.0 - Cross-Site Scripting via Name and Message Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
by Simon Rawet
CVSS 5.4
Helpdesk Pro Plugin < 1.3.0 - Unauthorized Support Ticket Information Disclosure via Ticket ID
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
by Simon Rawet
CVSS 5.3
Microsoft Windows - Remote Code Execution via SafeArrayDimen Function
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
by Mohammad Reza Espargham
CVSS 8.8
xpcom - Denial of Service via Nested DIV Tags
Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.
by GulfTech Security
Helpdesk Pro < 1.3.0 - Arbitrary File Write via Language Save Task
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.
by Simon Rawet
CVSS 8.1
SysAid < 15.1 - Remote Code Execution via RdsLogsEntry File Upload
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.
by Metasploit
Microsoft Office 2007 SP3 and 2010 SP2 - Remote Code Execution via Crafted Office Document
Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Word Local Zone Remote Code Execution Vulnerability."
by Eduardo Braun Prado
phpvibe < 4.20 - Authenticated Stored Cross-Site Scripting via Comment
Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.
by Filippos Mastrogiannis
CVSS 5.4
tcpdump < 4.7.0 - Denial of Service via Crafted RPKI-RTR PDU Header Length
The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).
by Luke Arntson
Image Transfer IOS - Remote Crash (PoC)
by Mohammad Reza Espargham
D-Link DSP-W110A1 <1.05B01 - Command Injection
An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise.
by Metasploit
WordPress Plugin BuddyPress Activity Plus 1.5 - Cross-Site Request Forgery
by Tom Adams
ISC DHCP 3.0.x-4.2.x - Remote Code Execution via DHCP Hostname Shell Metacharacters
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
by Pierre Kim
WordPress Plugin Download Manager Free 2.7.94 & Pro 4 - (Authenticated) Persistent Cross-Site Scripting
by Filippos Mastrogiannis