Exploitdb Exploits
50,076 exploits tracked across all sources.
Microsoft Windows XP SP3 - Privilege Escalation
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
by KoreLogic
World Of Warcraft 3.3.5a - 'macros-cache.txt' Stack Overflow
by Alireza Chegini
IBM Global Console Manager 16 and 32 Firmware < 1.20.0.22575 - Authenticated OS Command Injection via lpres Parameter
systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.
by Alejandro Alvarez Bravo
Linux kernel <3.15.4 - Privilege Escalation
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
by Vitaly Nikolenko
Raritan Power IQ <4.2.1 - SQL Injection
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
by Brandon Perry
Apache HTTP Server 2.2.0-2.2.28 - Denial of Service via mod_status Scoreboard Handling
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
by Marek Kroemeke
MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities
by Ajin Abraham
WordPress Plugin WP BackupPlus - Database and Files Backup Download
by pSyCh0_3D
Microsoft Windows XP SP3 - Privilege Escalation
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
by KoreLogic
Gallery Objects 0.4 - SQL Injection via viewid Parameter
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.
by Claudio Viviani
ACME micro_httpd - Denial of Service via Long URI in GET Request
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
by Yuval tisf Nativ
Barracuda Networks Message Archiver 650 - Persistent Cross-Site Scripting
by Vulnerability-Lab
Omeka < 2.2.1 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.
by LiquidWorm
ol-commerce 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
by AtT4CKxT3rR0r1ST
ol-commerce 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
by AtT4CKxT3rR0r1ST
ol-commerce 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
by AtT4CKxT3rR0r1ST
ol-commerce 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
by AtT4CKxT3rR0r1ST
Fonality trixbox - Path Traversal via Lang Parameter
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
by AtT4CKxT3rR0r1ST
Fonality trixbox - Remote Code Execution via lang Parameter
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.
by AtT4CKxT3rR0r1ST
Fonality trixbox - Path Traversal via Lang Parameter
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
by AtT4CKxT3rR0r1ST
Fonality trixbox - SQL Injection via mac Parameter in endpoint_generic.php
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.
by AtT4CKxT3rR0r1ST
Fonality trixbox - Path Traversal via Lang Parameter
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
by AtT4CKxT3rR0r1ST
Fonality trixbox - Path Traversal via Lang Parameter
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
by AtT4CKxT3rR0r1ST
Bilboplanet 2.0 - Stored Cross-Site Scripting via Fullname Parameter
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php.
by Vivek N
CVSS 6.1
Bilboplanet 2.0 - Stored Cross-Site Scripting via signup.php user_id Parameter
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php.
by Vivek N
CVSS 6.1
By Source