Exploitdb Exploits
50,076 exploits tracked across all sources.
WordPress Plugin cp-multi-view-calendar 1.1.4 - SQL Injection
by i0akiN SEC-LABORATORY
phpMoAdmin 1.1.2 - Remote Code Execution via Object Parameter
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.
by @u0x
WordPress Plugin Calculated Fields Form 1.0.10 - SQL Injection
by Ibrahim Raafat
vbseo - Authenticated Remote Code Execution via HTTP Referer Header
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.
by Net.Edit0r
CVSS 8.8
Seagate Business NAS <2015.00322 - RCE
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
by OJ Reeves
CVSS 9.8
Microsoft Word 2007 - RTF Object Confusion (ASLR + DEP Bypass)
by R-73eN
Persistent Systems Radia Client Automation <9.1 - RCE
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
by Ben Turner
Ubisoft Uplay 5.0 - Insecure File Permissions Privilege Escalation
by LiquidWorm
Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities
by LiquidWorm
D-Link Routers - Remote Code Execution via ping.ccp
The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
by Metasploit
CVSS 9.8
SQLite < 3.8.10.1 - Multiple Unspecified Vulnerabilities
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
by Andras Kabai
VFU 4.10-1.1 - Move Entry Buffer Overflow
by Bas van den Berg
Persistent Systems Radia Client Automation <9.1 - RCE
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
by Metasploit
ZeusCart 4 - Authenticated SQL Injection via Admin Backend Parameters
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/.
by Steffen Rösemann
ZeusCart 4 - Cross-Site Scripting via schltr or brand Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322.
by Steffen Rösemann
ZeusCart < 4.0 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php.
by Steffen Rösemann
ZeusCart 4 - Exposure of Sensitive Information via phpinfo Function
ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function.
by Steffen Rösemann
Zabbix 2.0.5 - Authenticated LDAP Bind Password Exposure via HTML Source Code
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.
by Pablo González
Easy Social Icons < 1.2.2 - Cross-Site Request Forgery via Image File Parameter
Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php.
by Eric Flokstra
phpBugTracker < 1.6.0 - SQL Injection
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.
by Steffen Rösemann
CVSS 9.8
ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) - SQL Injection via Item Parameter
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
by CWH Underground
Beehive Forum 1.4.4 - Cross-Site Scripting via Edit Preferences Parameters
Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message.
by Halil Dalabasmaz