Exploitdb Exploits
50,076 exploits tracked across all sources.
BlazeDVD Pro Player 7.0 - '.plf' Local Buffer Overflow (SEH)
by metacom
ArticleFR < 3.0.4 - SQL Injection via rate.php id Parameter
Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.
by High-Tech Bridge
ManageEngine Password Manager Pro 5-7 build 7003 - SQL Injection via MetadataServlet sv Parameter
SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.
by Pedro Ribeiro
WP Content Source Control < 3.0.0 - Path Traversal via Path Parameter
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
by Henri Salo
Firefox < 21.0 and Firefox ESR < 17.0.6 - Cross-Site Scripting via Chrome Object Wrapper
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
by Metasploit
GitLab <5.4.1, <6.2.3 - Command Injection
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
by Metasploit
Tenda A5s Firmware 3.02.05_CN - Unauthenticated Authentication Bypass via admin:language Cookie
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
by zixian
Blue Coat Malware Analysis Appliance <4.2.5 & Malware Analyzer G2 <3.5 - RCE via VM Protection Bypass
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis.
by Metasploit
CVSS 9.3
Disqus Comment System < 2.76 - Cross-Site Request Forgery via Multiple Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3) disqus_secret_key parameter to wp-admin/edit-comments.php in manage.php or that (4) reset or (5) delete plugin options via the reset parameter to wp-admin/edit-comments.php.
by Nik Cubrilovic
VMTurbo Operations Manager <4.6 - Command Injection
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.
by Metasploit
AlienVault OSSIM < 4.7.0 - Remote Code Execution via SOAP remote_task or get_license Request
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.
by James Fitts
Oracle VM VirtualBox <4.3.12 - Unknown
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2486.
by Metasploit
BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow
by Giovanni Bartolomucci
gb_gallery_slideshow 1.5 - Authenticated SQL Injection via selected_group Parameter
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.
by Claudio Viviani
TomatoCart <1.1.8.6.1 - SQL Injection
SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.
by Breaking.Technology
PhotoSync Wifi & Bluetooth 1.0 - Local File Inclusion
by Vulnerability-Lab
Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm
by Matt O'Connor
HybridAuth 2.0.9-2.2.2 - Unauthenticated Remote Code Execution via install.php Config Injection
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated attacker can inject arbitrary PHP code into config.php, which is later executed when the file is loaded. This allows attackers to achieve remote code execution on the server. Exploitation of this issue will overwrite the existing configuration, rendering the application non-functional.
by @u0x
Pro Chat Rooms Text Chat Rooms 8.2.0 - Authenticated SQL Injection via Password, Email, or ID Parameter
Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.
by Mike Manzotti
WordPress Plugin wpSS - 'ss_handler.php' SQL Injection
by Ashiyane Digital Security Team
Pro Chat Rooms Text Chat Rooms 8.2.0 - Authenticated Cross-Site Scripting via Profile Picture Upload or Edit Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.
by Mike Manzotti
By Source