Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-10021 EXPLOITDB ruby VERIFIED
WP Symposium 14.11 - Unauthenticated Arbitrary File Upload via UploadHandler.php
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.
by Metasploit
EIP-2026-104553 EXPLOITDB c VERIFIED
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW Crash (PoC)
by rpaleari & joystick
EIP-2026-104552 EXPLOITDB c VERIFIED
Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey Crash (PoC)
by rpaleari & joystick
EIP-2026-104551 EXPLOITDB c VERIFIED
Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection Crash (PoC)
by rpaleari & joystick
EIP-2026-104550 EXPLOITDB c VERIFIED
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName Crash (PoC)
by rpaleari & joystick
CVE-2014-8741 EXPLOITDB CRITICAL ruby VERIFIED
Lexmark MarkVision Enterprise <2.1 - Path Traversal
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.
by Metasploit
CVSS 9.8
EIP-2026-102238 EXPLOITDB text
Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2014-8272 EXPLOITDB python
Dell iDRAC6 modular <3.65, iDRAC6 monolithic <1.98, iDRAC7 <1.57.57...
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
by Yong Chuan_ Koh
EIP-2026-102979 EXPLOITDB bash
RedStar 3.0 Desktop - Enable sudo Privilege Escalation
by prdelka & ‏sfan55
EIP-2026-102978 EXPLOITDB text
RedStar 3.0 Desktop - 'Software Manager swmng.app' Local Privilege Escalation
by RichardG
EIP-2026-102977 EXPLOITDB text
RedStar 2.0 Desktop - 'World-writeable rc.sysinit' Local Privilege Escalation
by prdelka
CVE-2015-1028 EXPLOITDB perl
D-Link DSL-2730B Firmware GE_1.01 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
by XLabs Security
CVE-2015-1028 EXPLOITDB perl
D-Link DSL-2730B Firmware GE_1.01 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
by XLabs Security
CVE-2015-1028 EXPLOITDB perl
D-Link DSL-2730B Firmware GE_1.01 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
by XLabs Security
EIP-2026-117742 EXPLOITDB perl
Palringo 2.8.1 - Local Stack Buffer Overflow
by Mr.ALmfL9
CVE-2014-8835 EXPLOITDB c
Apple macOS X < 10.10.2 - Remote Code Execution via XPC Type Confusion in libxpc
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue.
by Google Security Research
EIP-2026-113021 EXPLOITDB text
vBulletin MicroCART 1.1.4 - Arbitrary Files Deletion / SQL Injection / Cross-Site Scripting
by Technidev
CVE-2014-9308 EXPLOITDB html
WP EasyCart < 3.0.8 - Authenticated Arbitrary File Upload via Banner Upload Script
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.
by Kacper Szurek
CVE-2010-4279 EXPLOITDB ruby VERIFIED
Pandora FMS < 3.1 - Unauthenticated Authentication Bypass via Empty loginhash_pwd
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.
by Metasploit
EIP-2026-103789 EXPLOITDB python
Ntpdc 4.2.6p3 - Local Buffer Overflow
by drone
CVE-2015-0558 EXPLOITDB MEDIUM text
ADB P.DGA4001N Firmware PDG_TEF_SP_4.06L.6 - Missing Encryption of Sensitive Data via WPA Key Generation
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key.
by Eduardo Novella
CVSS 5.3
CVE-2015-0919 EXPLOITDB text
Sefrengo < 1.6.0 - Authenticated SQL Injection via idcat or idclient Parameter
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
by Steffen Rösemann
CVE-2014-9464 EXPLOITDB text
Microweber CMS <20141209 - SQL Injection
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
by Pham Kien Cuong
CVE-2015-0554 EXPLOITDB text
ADB P.DGA4001N Firmware 4.06L.6 - Unauthenticated Info Disclosure & DoS via Web Interface
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
by Eduardo Novella
CVE-2015-1060 EXPLOITDB python
AdaptCMS 3.0.3 - Open Redirect via HTTP Referer Header
Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
by LiquidWorm