Exploitdb Exploits
50,076 exploits tracked across all sources.
miniupnpd 1.0 - Remote Code Execution via Long Quoted Method in SOAPAction Handler
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
by Onur Alanbel (BGA)
Wireshark 1.12.4 - Memory Corruption and Access Violation (PoC)
by Avinash Thapa
Free MP3 CD Ripper <= 2.6 - Stack-based Buffer Overflow via Crafted WAV File
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
by naxxo
Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter)
by Tomislav Paskalev
Free MP3 CD Ripper <= 2.6 - Stack-based Buffer Overflow via Crafted WAV File
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
by ThreatActor
WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)
by Felipe Molina
WordPress Plugin Ultimate Product Catalogue - SQL Injection (1)
by Felipe Molina
usb-creator <0.2.38.3ubuntu0.1 - Privilege Escalation
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method.
by Tavis Ormandy
CVSS 7.8
ZYXEL P-660HN-T1H_IPv6 - Remote Configuration Editor / Web Server Denial of Service
by Koorosh Ghorbani
MooPlayer 1.3.0 - 'm3u' Local Buffer Overflow (SEH) (2)
by Tomislav Paskalev
GoAutoDial GoAdmin CE - Remote Code Execution via cpanel PATH_INFO Parameter
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.
by Chris McCurley
GoAutoDial GoAdmin CE - SQL Injection via User Credentials or PATH_INFO
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.
by Chris McCurley
GoAutoDial GoAdmin CE 3.x - Unauthenticated Arbitrary File Upload via Voice Files Upload
Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/.
by Chris McCurley
Adobe Flash Player < 13.0.0.244 and 14.x-15.x < 15.0.0.152 - Remote Code Execution via Heap-Based Buffer Overflow
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559.
by Metasploit
WordPress Tune Library <1.5.5 - SQL Injection
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
by Hannes Trunde
CVSS 8.1
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (2)
by dadou dz
WordPress Community Events <1.4 - SQL Injection
SQL injection vulnerability in WordPress Community Events plugin before 1.4.
by Hannes Trunde
CVSS 9.8
GoAutoDial GoAdmin CE - OS Command Injection via cpanel PATH_INFO
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
by Chris McCurley
WordPress Plugin Work The Flow - Arbitrary File Upload (Metasploit)
by Metasploit
By Source