Exploitdb Exploits
50,076 exploits tracked across all sources.
VFront 0.99.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
by hyp3rlinx
SysAid < 15.1 - Unauthenticated Arbitrary File Upload and Remote Code Execution via ChangePhoto.jsp
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.
by Metasploit
Seagate Central 2014.0410.0026-F - Remote Facebook Access Token
by Jeremy Brown
Seagate Central 2014.0410.0026-F - Remote Command Execution
by Jeremy Brown
WordPress Plugin LeagueManager 3.9.11 - SQL Injection
by javabudd
Linux Kernel (PonyOS 3.0) - TTY 'ioctl()' Local Privilege Escalation
by Hacker Fantastic
WebDrive 12.2 (Build #4172) - Remote Buffer Overflow
by metacom
IBM Security AppScan Standard 9.0.2 - OLE Automation Array Remote Code Execution
by Naser Farhadi
WordPress Plugin dzs-zoomsounds 2.0 - Arbitrary File Upload
by nabil chris
Realtek SDK - Remote Code Execution
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
by Metasploit
CVSS 9.8
Linux Kernel (PonyOS 3.0) - VFS Permissions Local Privilege Escalation
by Hacker Fantastic
Linux Kernel (PonyOS 3.0) - ELF Loader Local Privilege Escalation
by Hacker Fantastic
Aruba Networks ClearPass Policy Manager <6.4.5 - XSS
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
by Cristiano Maruti
D-Link DIR-645 Firmware < 1.05b01 - Remote Code Execution via HNAP GetDeviceSettings Action
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
by Metasploit
CVSS 8.8
AirTies Air Firmware < 1.0.2.0 - Remote Code Execution via Long Redirect Parameter
Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login.
by Metasploit
PeerCast < 0.1211 - Remote Code Execution via Format String in URL
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
by GulfTech Security
Free Counter 1.1 - Cross-Site Scripting via value_ Parameter
Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php.
by Panagiotis Vagenas
Sendio < 7.2.3 - Authenticated Session Information Exposure
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.
by Core Security
Landing Pages < 1.8.4 - Authenticated SQL Injection via post Parameter
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php.
by Adrián M. F.
NewStatPress < 0.9.8 - Authenticated SQL Injection via where1 Parameter
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
by Adrián M. F.