Exploitdb Exploits
50,076 exploits tracked across all sources.
PHP < 5.4.38, 5.5.x < 5.5.22, 5.6.x < 5.6.6 - Use-After-Free via Crafted Serialized DateTime Data
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.
by Taoguang Chen
Samsung iPOLiS Device Manager 1.12.2 - Remote Code Execution via ReadConfigValue or WriteConfigValue Function
Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.
by Praveen Darshanam
Piwigo < 2.7.3 - Authenticated SQL Injection via Filter Level Parameter
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
by Sven Schleier
Publish-It PUI Buffer Overflow (SEH)
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
by Andrew Smith
Wordpress <0.5.10 - Authenticated RCE
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.
by Kacper Szurek
CVSS 8.2
D-Link DSL-2640B ADSL Router - 'ddnsmngr' Remote DNS Change
by Todor Donev
X360 VideoPlayer <2.6 - Buffer Overflow
A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process.
by Metasploit
Guppy CMS 5.0.9/5.00.10 - Authentication Bypass/Change Email
by Brandon Murphy
GuppY CMS 5.0.9 < 5.00.10 - Multiple Cross-Site Request Forgery Vulnerabilities
by Brandon Murphy
VMware vCenter Server 5.0-5.5 and 6.0 - Remote Code Execution via JMX RMI MBean Registration
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
by Metasploit
eTouch SamePage Enterprise Edition 4.4.0.0.239 - SQL Injection via catId Parameter
SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.
by Brandon Perry
WonderPlugin Audio Player < 2.0 - Authenticated SQL Injection via item[id] Parameter
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
by Kacper Szurek
WonderPlugin Audio Player < 2.0 - Cross-Site Scripting via item[name] or item[customcss] Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
by Kacper Szurek
FancyBox for WordPress <3.0.3 - XSS
The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfw[padding] parameter and exploited in the wild in February 2015.
by NULLpOint7r
eTouch SamePage Enterprise Edition 4.4.0.0.239 - Authenticated Path Traversal via filepath Parameter
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.
by Brandon Perry
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by R-73eN
Realtek 11n Wireless LAN utility - Local Privilege Escalation
by Humberto Cabrera
Spider Event Calendar 1.4.9 - SQL Injection via cat_id Parameter
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.
by Mateusz Lach
Apptha WordPress Video Gallery < 2.7 - SQL Injection via vid Parameter
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.
by Claudio Viviani
Exponent CMS < 2.1.4, 2.2.x < 2.2.3, 2.3.x < 2.3.1 - Cross-Site Scripting via PATH_INFO or User Profile Fields
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) "First Name" or (4) "Last Name" field to users/edituser.
by Mayuresh Dani
Achat Chat Server 0.150 - Stack-based Buffer Overflow via UDP Port 9256
A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.
by Metasploit
By Source