Exploitdb Exploits
50,076 exploits tracked across all sources.
Symantec Endpoint Protection 11.x-12.x - Local Buffer Overflow via sysplant Driver IOCTL
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.
by ryujin & sickness
Barracuda WAF 7.8.1.013 - Auth Bypass
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.
by Nick Hayes
CVSS 9.8
RaidenTunes - 'music_out.php' Cross-Site Scripting
by LiquidWorm
TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution
by Christoph Kuhl
status2k 2.5 - Remote Code Execution via Multies Parameter
A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
by Shayan S
CVSS 9.8
sphider < 1.3.6, sphider-pro < 3.2, sphider-plus < 3.2 - Authentication Bypass
sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass.
by Shayan S
CVSS 9.8
status2k - Unauthenticated Sensitive Information Exposure via phpinfo Action
Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.
by Shayan S
Sphider < 1.3.6 - Remote Code Execution via admin/spiderfuncs.php
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.
by Shayan S
CVSS 9.8
ArticleFR 11.06.2014 - Privilege Escalation
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.
by High-Tech Bridge SA
CVSS 9.8
ISPConfig 3.0.54p1 - (Authenticated) Admin Privilege Escalation
by mra
TigerCom iFolder+ 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities
by LiquidWorm
D-Link DWR-113 Firmware < 2.03b02 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors.
by Blessen Thomas
CVSS 8.8
Sphider 1.3.6 - Cross-Site Scripting via Category Parameter
Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.
by Mike Manzotti
Sphider 1.3.6 - SQL Injection via Admin Filter Parameter
SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
by Mike Manzotti
sphider < 1.3.6 - SQL Injection via site_id or url Parameter
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
by Mike Manzotti
WhyDoWork AdSense 1.2 - Cross-Site Request Forgery via wp-admin/options-general.php
Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense page in wp-admin/options-general.php.
by Dylan Irzi
Lead Octopus - SQL Injection via id Parameter
SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Amirh03in
FB Gorilla - SQL Injection via game_play.php id Parameter
SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Amirh03in