Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2015-1427 EXPLOITDB CRITICAL python VERIFIED
Elasticsearch <1.3.8, <1.4.3 - Command Injection
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
by Xiphos Research Ltd
CVSS 9.8
CVE-2015-2679 EXPLOITDB text
genixcms < 0.0.1 - SQL Injection via Page or Username Parameter
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
by LiquidWorm
CVE-2015-2678 EXPLOITDB text
genixcms < 0.0.1 - Cross-Site Scripting via cat or page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php.
by LiquidWorm
EIP-2026-108541 EXPLOITDB text
Joomla! Component com_simplephotogallery 1.0 - Arbitrary File Upload
by CrashBandicot
CVE-2015-2680 EXPLOITDB text
GeniXCMS < 0.0.2 - Cross-Site Request Forgery via Administrator Account Addition
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php.
by LiquidWorm
CVE-2014-9261 EXPLOITDB text
Codoforum 2.5.1 - Path Traversal via Path Parameter
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
by Kacper Szurek
CVE-2015-0565 EXPLOITDB CRITICAL text VERIFIED
Google Native Client - Memory Corruption via CLFLUSH Instruction
NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.
by Google Security Research
CVSS 10.0
CVE-2015-3693 EXPLOITDB text VERIFIED
macOS < 10.10.3 - Denial of Service via Rowhammer Attack
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.
by Google Security Research
EIP-2026-114004 EXPLOITDB text VERIFIED
WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload
by CrashBandicot
EIP-2026-101073 EXPLOITDB python
Sagem F@st 3304-V2 - Telnet Crash (PoC)
by Loudiyi Mohamed
CVE-2015-1875 EXPLOITDB text
Elastix < 2.5.0 - SQL Injection via transactionID Parameter
SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the transactionID parameter.
by Ahmed Aboul-Ela
CVE-2014-2623 EXPLOITDB ruby VERIFIED
HP Storage Data Protector 8.x - Remote Code Execution
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
by Metasploit
CVE-2015-2564 EXPLOITDB text
ProjectSend r561 - Authenticated SQL Injection via ID Parameter
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.
by ITAS Team
CVE-2015-2237 EXPLOITDB text
Betster 1.0.4 - SQL Injection via id or username Parameter
Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php.
by ZeQ3uL
CVE-2014-8687 EXPLOITDB CRITICAL ruby VERIFIED
Seagate Business NAS <2015.00322 - RCE
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
by Metasploit
CVSS 9.8
CVE-2015-10087 EXPLOITDB MEDIUM text VERIFIED
UpThemes Theme DesignFolio Plus 1.2 - Unrestricted Upload
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
by CrashBandicot
CVSS 6.3
CVE-2014-9566 EXPLOITDB text
Solarwinds Orion Platform <11.5 - SQL Injection
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.
by Brandon Perry
EIP-2026-105438 EXPLOITDB text
BEdita CMS 3.5.0 - Multiple Vulnerabilities
by Edric Teo
CVE-2014-8686 EXPLOITDB CRITICAL ruby VERIFIED
CodeIgniter <2.2.0 - Info Disclosure
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
by Metasploit
CVSS 9.8
CVE-2014-9322 EXPLOITDB HIGH c
Linux kernel <3.17.5 - Privilege Escalation
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
by Emeric Nasi
CVSS 7.8
CVE-2014-7285 EXPLOITDB ruby VERIFIED
Symantec Web Gateway <5.2.2 - Command Injection
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.
by Metasploit
CVE-2014-3631 EXPLOITDB c
Linux Kernel 3.13-3.14.19 - Denial of Service via Associative Array Garbage Collection
The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.
by Emeric Nasi
CVE-2014-4943 EXPLOITDB c
Linux Kernel <3.15.6 - Privilege Escalation
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
by Emeric Nasi
CVE-2015-2216 EXPLOITDB text
Photocrati < 4.07 - SQL Injection via prod_id Parameter
SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter.
by ayastar