Exploitdb Exploits
50,076 exploits tracked across all sources.
WP Symposium 14.11 - Unauthenticated Arbitrary File Upload via UploadHandler.php
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.
by Metasploit
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW Crash (PoC)
by rpaleari & joystick
Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey Crash (PoC)
by rpaleari & joystick
Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection Crash (PoC)
by rpaleari & joystick
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName Crash (PoC)
by rpaleari & joystick
Lexmark MarkVision Enterprise <2.1 - Path Traversal
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.
by Metasploit
CVSS 9.8
Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Dell iDRAC6 modular <3.65, iDRAC6 monolithic <1.98, iDRAC7 <1.57.57...
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
by Yong Chuan_ Koh
RedStar 3.0 Desktop - Enable sudo Privilege Escalation
by prdelka & sfan55
RedStar 3.0 Desktop - 'Software Manager swmng.app' Local Privilege Escalation
by RichardG
RedStar 2.0 Desktop - 'World-writeable rc.sysinit' Local Privilege Escalation
by prdelka
D-Link DSL-2730B Firmware GE_1.01 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
by XLabs Security
Apple macOS X < 10.10.2 - Remote Code Execution via XPC Type Confusion in libxpc
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue.
by Google Security Research
vBulletin MicroCART 1.1.4 - Arbitrary Files Deletion / SQL Injection / Cross-Site Scripting
by Technidev
WP EasyCart < 3.0.8 - Authenticated Arbitrary File Upload via Banner Upload Script
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.
by Kacper Szurek
Pandora FMS < 3.1 - Unauthenticated Authentication Bypass via Empty loginhash_pwd
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.
by Metasploit
ADB P.DGA4001N Firmware PDG_TEF_SP_4.06L.6 - Missing Encryption of Sensitive Data via WPA Key Generation
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key.
by Eduardo Novella
CVSS 5.3
Sefrengo < 1.6.0 - Authenticated SQL Injection via idcat or idclient Parameter
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
by Steffen Rösemann
Microweber CMS <20141209 - SQL Injection
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
by Pham Kien Cuong
ADB P.DGA4001N Firmware 4.06L.6 - Unauthenticated Info Disclosure & DoS via Web Interface
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
by Eduardo Novella
AdaptCMS 3.0.3 - Open Redirect via HTTP Referer Header
Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
by LiquidWorm