Exploitdb Exploits
50,076 exploits tracked across all sources.
WordPress Long Password DoS
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.
by Javer Nieto & Andres Rojas
WordPress Long Password DoS
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.
by SECURELI.com
Drupal 7.x < 7.34 and Secure Password Hashes 6.x-2.x < 6.x-2.1 - Denial of Service via Password Hashing API
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
by Javer Nieto & Andres Rojas
CCH Wolters Kluwer ProSystem fx Engagement <7.1 - Privilege Escalation
CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\, which allows local users to obtain LocalSystem privileges via a Trojan horse file.
by Information Paradox
Pandora FMS <5.0 SP2 - SQL Injection
An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter, allowing attackers to extract administrator credentials or active session tokens via crafted requests. This occurs because input is directly concatenated into an SQL query without adequate validation, enabling SQL injection. After authentication is bypassed, a second vulnerability in the File Manager component permits arbitrary PHP file uploads. The file upload functionality does not enforce MIME-type or file extension restrictions, allowing authenticated users to upload web shells into a publicly accessible directory and achieve remote code execution.
by Metasploit
Showbiz Pro < 1.7.1 - Unauthenticated PHP File Upload via ZIP Archive
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.
by Simo Ben Youssef
CVSS 9.8
Mini-stream RM-MP3 Converter <3.1.2.1.2010.03.30 - Buffer Overflow
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.
by Muhamad Fadzil Ramli
Elipse E3 < 3.2 - Denial of Service via HTTP Request Flooding
Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681.
by firebitsbr
xEpan CMS <= 1.0.4.1 - Cross-Site Request Forgery via Administrative Account Creation
Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page.
by High-Tech Bridge SA
DB Backup plugin <4.5 - Path Traversal
Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Ashiyane Digital Security Team
Device42 WAN Emulator 2.3 - Traceroute Command Injection (Metasploit)
by Brandon Perry
Device42 WAN Emulator 2.3 - Ping Command Injection (Metasploit)
by Brandon Perry
Android < 4.4.4 - SQL Injection via WAPPushManager PDU Fields
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.
by Baidu X-Team
TRENDnet TV-IP422W and TV-IP422WN - Stack-Based Buffer Overflow in UltraCam ActiveX Control
Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function.
by LiquidWorm
Google Doc Embedder <2.5.15 - SQL Injection
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
by Kacper Szurek
phpMyRecipes 1.2.2 - SQL Injection via dosearch.php words_exact Parameter
SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter.
by bard
Crea8Social 1.3 - Persistent Cross-Site Scripting
by Halil Dalabasmaz
Linux Kernel <=3.14.5 - Privilege Escalation
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
by Kaiqu Chen
CVSS 7.8
ARRIS VAP2500 Firmware < 08.41 - Unauthenticated Exposure of Sensitive Information via Configuration Files
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.
by HeadlessZeke
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
by anonymous
CVSS 7.8
wpDataTables <1.5.3 - SQL Injection
SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.
by Claudio Viviani
WordPress Plugin wpDataTables 1.5.3 - Arbitrary File Upload
by Claudio Viviani
dukapress < 2.5.3 - Path Traversal via src Parameter in dp_image.php
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
by Kacper Szurek
WordPress <2.7.3 - Authenticated RCE
The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.
by Kacper Szurek
CVSS 8.8