Exploitdb Exploits
50,076 exploits tracked across all sources.
Oracle Endeca Server - Info Disclosure
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400.
by RedTeam Pentesting
HP Service Virtualization 3.x < 3.50.1 - Path Traversal and Arbitrary File Write via CommunicationServlet
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.
by Metasploit
Mailspect Control Panel 4.0.5 - Multiple Vulnerabilities
by Onur Alanbel (BGA)
Cogent DataHub < 7.3.5 - Remote Code Execution via GetPermissions.asp
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
by Metasploit
Thomson TWG87OUIR - Cross-Site Request Forgery via Password Change Form
Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity.
by nopesled
Microsoft Internet Explorer 6-11 - Memory Corruption
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.
by Drozdova Liudmila
ZeusCart 4.x - SQL Injection
Multiple SQL injection vulnerabilities in ZeusCart 4.x.
by Kenny Mathis
CVSS 8.8
TimThumb 2.8.13-WordThumb 1.07 - RCE
TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.
by @u0x
AlienVault OSSIM < 4.7.0 - Remote Code Execution via av-centerd SOAP Service
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
by Metasploit
D-Link Devices - 'hedwig.cgi' Remote Buffer Overflow in Cookie Header (Metasploit)
by Metasploit
D-Link Devices - 'Authentication.cgi' Remote Buffer Overflow (Metasploit)
by Metasploit
ZeroCMS 1.0 - SQL Injection via article_id Parameter
SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action.
by Filippos Mastrogiannis
Lunar CMS < 3.3 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.
by LiquidWorm
Linux kernel <3.14.8 - Privilege Escalation
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
by Vitaly Nikolenko
D-Link DSL-2760U-E1 - Stored Cross-Site Scripting via Hostname in dhcpinfo.html
Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.
by Yuval tisf Nativ
Eromic AccessNow Server - Buffer Overflow
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
by Metasploit
web2project < 3.1 - Authenticated SQL Injection via Search String or Update Key Parameter
Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php.
by High-Tech Bridge SA
CVSS 8.8
ZTE ZXV10 W300 Firmware W300V1.0.0a_ZRD_LK - Unprotected Credential Exposure via tc2wanfun.js
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
by Osanda Malith Jayathissa
ZTE ZXV10 W300 W300V1.0.0a_ZRD_LK - Unauthenticated Sensitive Information Exposure
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
by Osanda Malith Jayathissa
CVSS 7.5
ZTE ZXV10 W300 Firmware W300V1.0.0a_ZRD_LK - Default Password for Admin Account
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
by Osanda Malith Jayathissa
Ubisoft Rayman Legends <1.3.140380 - Buffer Overflow
Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001.
by LiquidWorm
Cacti superlinks plugin 1.4-2 - SQL Injection via id Parameter
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Napsterakos
Rocket ServerGraph 1.2 - Path Traversal
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
by Metasploit
AlienVault OSSIM < 4.7.0 - Remote Code Execution via av-centerd SOAP Service
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
by Alfredo Ramirez
By Source