Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-2399 EXPLOITDB text VERIFIED
Oracle Endeca Server - Info Disclosure
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400.
by RedTeam Pentesting
CVE-2013-6221 EXPLOITDB ruby VERIFIED
HP Service Virtualization 3.x < 3.50.1 - Path Traversal and Arbitrary File Write via CommunicationServlet
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.
by Metasploit
EIP-2026-100850 EXPLOITDB text
Mailspect Control Panel 4.0.5 - Multiple Vulnerabilities
by Onur Alanbel (BGA)
CVE-2014-3789 EXPLOITDB ruby VERIFIED
Cogent DataHub < 7.3.5 - Remote Code Execution via GetPermissions.asp
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
by Metasploit
EIP-2026-109224 EXPLOITDB text VERIFIED
Lunar CMS 3.3 - Remote Command Execution
by LiquidWorm
CVE-2014-4716 EXPLOITDB html
Thomson TWG87OUIR - Cross-Site Request Forgery via Password Change Form
Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity.
by nopesled
CVE-2014-0282 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6-11 - Memory Corruption
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.
by Drozdova Liudmila
CVE-2014-3868 EXPLOITDB HIGH text VERIFIED
ZeusCart 4.x - SQL Injection
Multiple SQL injection vulnerabilities in ZeusCart 4.x.
by Kenny Mathis
CVSS 8.8
CVE-2014-4663 EXPLOITDB text VERIFIED
TimThumb 2.8.13-WordThumb 1.07 - RCE
TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.
by @u0x
CVE-2014-3804 EXPLOITDB ruby VERIFIED
AlienVault OSSIM < 4.7.0 - Remote Code Execution via av-centerd SOAP Service
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
by Metasploit
EIP-2026-101217 EXPLOITDB ruby VERIFIED
D-Link Devices - 'hedwig.cgi' Remote Buffer Overflow in Cookie Header (Metasploit)
by Metasploit
EIP-2026-101215 EXPLOITDB ruby VERIFIED
D-Link Devices - 'Authentication.cgi' Remote Buffer Overflow (Metasploit)
by Metasploit
CVE-2014-4194 EXPLOITDB text VERIFIED
ZeroCMS 1.0 - SQL Injection via article_id Parameter
SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action.
by Filippos Mastrogiannis
CVE-2014-4718 EXPLOITDB text VERIFIED
Lunar CMS < 3.3 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.
by LiquidWorm
CVE-2014-4014 EXPLOITDB c VERIFIED
Linux kernel <3.14.8 - Privilege Escalation
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
by Vitaly Nikolenko
CVE-2014-4645 EXPLOITDB bash
D-Link DSL-2760U-E1 - Stored Cross-Site Scripting via Hostname in dhcpinfo.html
Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.
by Yuval tisf Nativ
CVE-2014-3913 EXPLOITDB ruby VERIFIED
Eromic AccessNow Server - Buffer Overflow
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
by Metasploit
CVE-2014-3119 EXPLOITDB HIGH text
web2project < 3.1 - Authenticated SQL Injection via Search String or Update Key Parameter
Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php.
by High-Tech Bridge SA
CVSS 8.8
CVE-2014-4154 EXPLOITDB text
ZTE ZXV10 W300 Firmware W300V1.0.0a_ZRD_LK - Unprotected Credential Exposure via tc2wanfun.js
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
by Osanda Malith Jayathissa
CVE-2014-4019 EXPLOITDB HIGH text
ZTE ZXV10 W300 W300V1.0.0a_ZRD_LK - Unauthenticated Sensitive Information Exposure
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
by Osanda Malith Jayathissa
CVSS 7.5
CVE-2014-4018 EXPLOITDB text
ZTE ZXV10 W300 Firmware W300V1.0.0a_ZRD_LK - Default Password for Admin Account
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
by Osanda Malith Jayathissa
CVE-2014-4334 EXPLOITDB perl
Ubisoft Rayman Legends <1.3.140380 - Buffer Overflow
Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001.
by LiquidWorm
CVE-2014-4644 EXPLOITDB text VERIFIED
Cacti superlinks plugin 1.4-2 - SQL Injection via id Parameter
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Napsterakos
CVE-2014-3914 EXPLOITDB ruby VERIFIED
Rocket ServerGraph 1.2 - Path Traversal
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
by Metasploit
CVE-2014-3805 EXPLOITDB perl VERIFIED
AlienVault OSSIM < 4.7.0 - Remote Code Execution via av-centerd SOAP Service
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
by Alfredo Ramirez