Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-119362 EXPLOITDB ruby
DotNetNuke DNNspot Store 3.0.0 - Arbitrary File Upload (Metasploit)
by Glafkos Charalambous
CVE-2014-5507 EXPLOITDB text
iBackup < 10.0.0.32 - Local Privilege Escalation via Weak Service Permissions
iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file.
by Glafkos Charalambous
EIP-2026-102246 EXPLOITDB text
iFunBox Free 1.1 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102232 EXPLOITDB text
File Manager 4.2.10 iOS - Code Execution
by Vulnerability-Lab
CVE-2014-4872 EXPLOITDB ruby VERIFIED
BMC Track-It! 11.3.0.355 - Unauthenticated Remote Code Execution via .NET Remoting
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
by Metasploit
CVE-2014-7228 EXPLOITDB ruby VERIFIED
Akeeba Restore <3.3.4 - Info Disclosure
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive.
by Metasploit
EIP-2026-103924 EXPLOITDB ruby VERIFIED
HP Data Protector - 'EXEC_INTEGUTIL' Remote Code Execution (Metasploit)
by Metasploit
CVE-2014-4114 EXPLOITDB HIGH ruby VERIFIED
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
by Metasploit
CVSS 7.8
CVE-2014-4114 EXPLOITDB HIGH python
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
by Vlad Ovtchinikov
CVSS 7.8
CVE-2014-6352 EXPLOITDB HIGH ruby VERIFIED
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
by Metasploit
CVSS 7.8
CVE-2014-6352 EXPLOITDB HIGH python
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
by Vlad Ovtchinikov
CVSS 7.8
CVE-2014-8322 EXPLOITDB CRITICAL c
aircrack-ng < 1.2 RC 1 - Remote Code Execution via Crafted Length Parameter
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value.
by Nick Sampanis
CVSS 9.8
CVE-2011-1485 EXPLOITDB ruby VERIFIED
Linux PolicyKit Race Condition Privilege Escalation
Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.
by Metasploit
CVE-2014-0995 EXPLOITDB text VERIFIED
SAP NetWeaver <= 7.01 - Denial of Service via Trace Pattern Wildcard
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.
by Core Security
CVE-2014-3704 EXPLOITDB php VERIFIED
Drupal 7.0-7.31 - SQL Injection via Array Key in Database API
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
by Dustin Dörr
CVE-2014-3704 EXPLOITDB python VERIFIED
Drupal 7.0-7.31 - SQL Injection via Array Key in Database API
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
by Claudio Viviani
CVE-2014-3704 EXPLOITDB python VERIFIED
Drupal 7.0-7.31 - SQL Injection via Array Key in Database API
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
by stopstene
CVE-2014-4971 EXPLOITDB ruby VERIFIED
Microsoft Windows XP SP3 - Privilege Escalation
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
by Metasploit
CVE-2014-3829 EXPLOITDB ruby VERIFIED
Centreon 2.5.1 and Centreon Enterprise Server 2.2 - Remote Code Execution via session_id or template_id Parameter
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
by Metasploit
EIP-2026-102248 EXPLOITDB text
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-118000 EXPLOITDB text
Telefonica O2 Connection Manager 8.7 - Service Trusted Path Privilege Escalation
by LiquidWorm
EIP-2026-117999 EXPLOITDB text
Telefonica O2 Connection Manager 3.4 - Local Privilege Escalation
by LiquidWorm
CVE-2014-100003 EXPLOITDB text VERIFIED
YourMembers - SQL Injection via ym_download_id Parameter
SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI.
by TranDinhTien
EIP-2026-111986 EXPLOITDB python
SEO Control Panel 3.6.0 - (Authenticated) SQL Injection
by Tiago Carvalho
CVE-2014-8577 EXPLOITDB text
Croogo < 2.0.0 - Cross-Site Scripting via Multiple Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page.
by LiquidWorm