Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2014-3888 EXPLOITDB ruby
Yokogawa CENTUM CS 1000-VP - Buffer Overflow
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.
by Metasploit
CVE-2014-3992 EXPLOITDB text VERIFIED
Dolibarr ERP/CRM <3.5.3 - SQL Injection
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.
by Deepak Rathore
CVE-2014-2424 EXPLOITDB ruby VERIFIED
Oracle Fusion Middleware 11.1.1.7.0 - Privilege Escalation
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.
by Metasploit
CVE-2014-4741 EXPLOITDB text VERIFIED
Artifectx xClassified 1.2 - SQL Injection
SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Lazmania61
CVE-2014-4852 EXPLOITDB text VERIFIED
The Digital Craft AtomCMS - SQL Injection
SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Jagriti Sahu
CVE-2014-4725 EXPLOITDB ruby VERIFIED
MailPoet Newsletters <2.6.7 - Auth Bypass
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.
by Metasploit
CVE-2014-4511 EXPLOITDB ruby VERIFIED
Gitlist < 0.5.0 - Remote Code Execution via Shell Metacharacters in URI
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
by Metasploit
EIP-2026-102273 EXPLOITDB text
Photo Org WonderApplications 8.3 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-101880 EXPLOITDB ruby
Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)
by c1ph04
CVE-2014-4912 EXPLOITDB CRITICAL text VERIFIED
Frog CMS 0.9.5 - Unrestricted File Upload
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.
by Javid Hussain
CVSS 9.8
CVE-2014-5453 EXPLOITDB text VERIFIED
Ubisoft Uplay PC < 4.6.1.3217 - Privilege Escalation via Weak Installation Directory Permissions
Ubisoft Uplay PC before 4.6.1.3217 uses weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privileges via a Trojan horse file.
by LiquidWorm
CVE-2014-5349 EXPLOITDB text
Baidu Spark Browser 26.5.9999.3511 - Stack-Based Buffer Overflow via Nested window.print Calls
Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.
by LiquidWorm
EIP-2026-114653 EXPLOITDB text
Zurmo CRM - Persistent Cross-Site Scripting
by Provensec
CVE-2014-3857 EXPLOITDB text
Kerio Control < 8.3.2 - Authenticated SQL Injection via Statistics Print Parameters
Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php.
by Khashayar Fereidani
CVE-2012-1876 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6-9 and 10 Consumer Preview - Remote Code Execution via Col Element Handling
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
by sickness
CVE-2014-0894 EXPLOITDB text
IBM Algo Credit Limits 4.5.0-4.7.0 - Exposure of Sensitive Information via XML Document
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.
by SEC Consult
EIP-2026-100001 EXPLOITDB text
Flussonic Media Server 4.1.25 < 4.3.3 - Arbitrary File Disclosure
by BGA Security
CVE-2014-4511 EXPLOITDB python VERIFIED
Gitlist < 0.5.0 - Remote Code Execution via Shell Metacharacters in URI
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
by drone
CVE-2014-5023 EXPLOITDB python VERIFIED
Gitter/Gitlist <Repository.php - Command Injection
Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.
by drone
CVE-2014-4703 EXPLOITDB text VERIFIED
Nagios Plugins <2.0.2 - Info Disclosure
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
by Dawid Golunski
CVE-2014-0476 EXPLOITDB text VERIFIED
chkrootkit < 0.50 - Local Privilege Escalation via Trojan Horse Executable
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
by Thomas Stangner
CVE-2013-5045 EXPLOITDB ruby VERIFIED
Microsoft Internet Explorer 10-11 - Privilege Escalation
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."
by Metasploit
CVE-2014-0257 EXPLOITDB ruby VERIFIED
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 - Remote Code Execution via Type Traversal
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."
by Metasploit
CVE-2014-4717 EXPLOITDB text
WordPress Simple Share Buttons Adder <4.5 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.
by dxw
CVE-2014-4650 EXPLOITDB CRITICAL text VERIFIED
Python 2.7.5 and 3.3.4 - Path Traversal via URL-Encoded Path Separators
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
by RedTeam Pentesting
CVSS 9.8