Exploitdb Exploits
50,076 exploits tracked across all sources.
Microsoft Windows - Privilege Escalation
The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."
by Sylvain Monne
CVSS 8.8
PBBoard < 3.0.1 - SQL Injection via Email Parameter in Register Page
SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2.
by Tran Dinh Tien
Technicolor Router TD5130 - Open Redirect
Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter.
by Crash
Technicolor Router TD5130 - Firmware 2.05.C29GV - XSS
Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.
by Crash
Technicolor Router TD5130 <2.05.C29GV - RCE
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
by Crash
Guruperl.net AWP PRO <6.6 - SQL Injection
SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi.
by Robert Cooper
Google Doc Embedder <2.5.15 - SQL Injection
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
by Securely (Yoo Hee man)
WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download
by QK14 Team
Cart66 Lite < 1.5.1.17 - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-admin/admin-ajax.php.
by Kacper Szurek
ManageEngine Netflow Analyzer 8.6-10.2 and IT360 10.3 - Path Traversal via DisplayChartPDF Filename Parameter
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
by Pedro Ribeiro
Thomson Reuters Fixed Assets CS <13.1.4 - Code Injection
The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
by Information Paradox
Nextend Facebook Connect <1.5.1 - XSS
Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action.
by Kacper Szurek
ke_dompdf < 0.0.3 - Remote Code Execution
Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
by RedTeam Pentesting
ProjectSend r100-r561 - Unauthenticated Arbitrary File Upload and Remote Code Execution via process-upload.php
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
by Fady Mohammed Osman
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
by Metasploit
CVSS 7.8
tinc < 1.0.21 and 1.1 < 1.1pre7 - Authenticated Stack-Based Buffer Overflow via Large TCP Packet
Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.
by Metasploit
EntryPass N5200 Active Network Control Panel - Unauthenticated Exposure of Sensitive Information via URL Character Range
EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or A through D, different vectors than CVE-2014-8868.
by RedTeam Pentesting
IPUX Cube Type CS303C IP Camera - 'UltraMJCamX.ocx' ActiveX Stack Buffer Overflow
by LiquidWorm
IPUX CS7522/CS2330/CS2030 IP Camera - 'UltraHVCamX.ocx' ActiveX Stack Buffer Overflow
by LiquidWorm
IPUX CL5452/CL5132 IP Camera - 'UltraSVCamX.ocx' ActiveX Stack Buffer Overflow
by LiquidWorm
macOS X - Remote Command Execution via HTTP Redirect Pipe Character
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
by dash
By Source