Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2015-1365 EXPLOITDB text
Pixabay Images <2.4 - Path Traversal
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.
by Hans-Martin Muench
CVE-2014-100039 EXPLOITDB c
Malwarebytes Anti-Exploit < 1.04.1.1012 - Denial of Service via IOCTL Call
mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information.
by Parvez Anwar
CVE-2015-1376 EXPLOITDB text
Pixabay Images <2.4 - Code Injection
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
by Hans-Martin Muench
EIP-2026-113028 EXPLOITDB text
vBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection
by Technidev
EIP-2026-111730 EXPLOITDB text
RedaxScript 2.1.0 - Privilege Escalation
by shyamkumar somana
CVE-2014-4492 EXPLOITDB c VERIFIED
Apple iOS <8.1.3, OS X <10.10.2, TV <7.0.3 - RCE
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.
by Google Security Research
EIP-2026-104587 EXPLOITDB c VERIFIED
Apple Mac OSX 10.9.5 - IOKit IntelAccelerator Null Pointer Dereference
by Google Security Research
EIP-2026-104554 EXPLOITDB c VERIFIED
Apple Mac OSX 10.10 - IOKit IntelAccelerator Null Pointer Dereference
by Google Security Research
CVE-2014-5301 EXPLOITDB HIGH ruby VERIFIED
ManageEngine ServiceDesk Plus MSP 5-9.0.9030 Path Traversal
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
by Metasploit
CVSS 8.8
CVE-2014-9265 EXPLOITDB html
Samsung SmartViewer - Buffer Overflow
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
by Praveen Darshanam
CVE-2014-9473 EXPLOITDB text
cformsII < 14.7 - Unauthenticated Arbitrary File Upload via cf_uploadfile2 Parameter
Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cf_uploadfile2[] parameter, then accessing the file via a direct request to the file in the default upload directory.
by Zakhar
EIP-2026-117992 EXPLOITDB python VERIFIED
T-Mobile Internet Manager - Local Buffer Overflow (SEH)
by metacom
CVE-2015-0004 EXPLOITDB text VERIFIED
Microsoft Windows - Privilege Escalation via User Profile Service Junction Attack
The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability."
by Google Security Research
EIP-2026-116987 EXPLOITDB python VERIFIED
Congstar Internet Manager - Local Buffer Overflow (SEH)
by metacom
CVE-2014-1201 EXPLOITDB text
Lorex Edge Series - Buffer Overflow via HTTP_PORT Parameter
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.
by Pedro Ribeiro
CVE-2015-1171 EXPLOITDB text
GSM SIM Utility <6.6 - Buffer Overflow
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.
by Osanda Malith Jayathissa
CVE-2014-8802 EXPLOITDB text
WordPress Pie Register <2.0.14 - RCE
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.
by Kacper Szurek
CVE-2014-7862 EXPLOITDB CRITICAL text
ManageEngine Desktop Central < 90109 - Unauthenticated Administrator Account Creation via DCPluginServelet
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
by Pedro Ribeiro
CVSS 9.8
CVE-2015-1481 EXPLOITDB text
Ansible Tower <2.0.5 - Privilege Escalation
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.
by SEC Consult
CVE-2015-1368 EXPLOITDB text
Ansible Tower < 2.0.5 - Cross-Site Scripting via Multiple API Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/.
by SEC Consult
CVE-2015-1482 EXPLOITDB text
Ansible Tower < 2.0.4 - Unauthenticated Sensitive Information Exposure via WebSocket Connection
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
by SEC Consult
CVE-2015-1423 EXPLOITDB text
Gecko CMS 2.2-2.3 - Authenticated SQL Injection via Admin Index Parameters
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.
by LiquidWorm
CVE-2015-1422 EXPLOITDB text
Gecko CMS 2.2-2.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak_extfile, (8) jak_file, (9) jak_hookshow[], (10) jak_img, (11) jak_javascript, (12) jak_lcontent, (13) jak_name, (14) jak_password, (15) jak_showcontact, (16) jak_tags, (17) jak_title, (18) jak_url, (19) jak_username, (20) real_hook_id[], (21) sp, (22) sreal_plugin_id[], (23) ssp, or (24) sssp parameter to admin/index.php or the (25) editor, (26) field_id, (27) fldr, (28) lang, (29) popup, (30) subfolder, or (31) type parameter to js/editor/plugins/filemanager/dialog.php.
by LiquidWorm
CVE-2012-5613 EXPLOITDB ruby VERIFIED
MySQL <5.5.19 & MariaDB <5.5.28a - Privilege Escalation
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
by Metasploit
CVE-2015-1424 EXPLOITDB text
Gecko CMS 2.2-2.3 - Cross-Site Request Forgery via Admin User Creation
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.
by LiquidWorm