Exploitdb Exploits
50,076 exploits tracked across all sources.
w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution
by Jay Turla
JBoss Enterprise Application Platform 4.3.0 - Remote Code Execution via JBoss Expression Language Injection
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
by Metasploit
CVSS 8.8
WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload
by Claudio Viviani
Kemp Load Master < 7.1.20b - Cross-Site Request Forgery in Administrative Pages
A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.
by Roberto Suggi Liverani
CVSS 8.8
Kemp LoadMaster < 7.1-16 - Bash Script Injection via Web User Interface
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).
by Roberto Suggi Liverani
CVSS 8.8
WebGate WinRDS - Stack-Based Buffer Overflow in WESPPlaybackCtrl
Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) PlaySiteAllChannel, (3) StopSiteAllChannel, or (4) SaveSiteImage function.
by Praveen Darshanam
WebGate Embedded Standard Protocol SDK - Buffer Overflows in LoadImage, LoadImageEx, ChangePassword, Connect, and AddID
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
by Praveen Darshanam
WebGate eDVR Manager - Remote Code Execution via Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control.
by Praveen Darshanam
CVSS 8.8
WebGate Embedded Standard Protocol SDK - Buffer Overflows in LoadImage, LoadImageEx, ChangePassword, Connect, and AddID
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
by Praveen Darshanam
WebGate eDVR Manager - Remote Code Execution via Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control.
by Praveen Darshanam
CVSS 8.8
WordPress Plugin WP Easy Slideshow 1.0.3 - Multiple Vulnerabilities
by Divya
WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload
by Larry W. Cashdollar
WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload
by Larry W. Cashdollar
WordPress Plugin Video Gallery 2.8 - Multiple Cross-Site Request Forgery Vulnerabilities
by Divya
Simple Ads Manager < 2.5.94 - Unauthenticated Arbitrary File Upload via sam-ajax-admin.php
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter.
by ITAS Team
Simple Ads Manager < 2.7.97 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php.
by ITAS Team
WordPress Simple Ads Manager 2.5.94 and 2.5.96 - Exposure of Sensitive Information
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
by ITAS Team
CVSS 5.3
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
Google Chrome < 39.0.2171.65 - Denial of Service or Other Impact
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Roberto Suggi Liverani
By Source