Exploitdb Exploits
50,076 exploits tracked across all sources.
ZTE ZXV10 W300 Firmware W300V1.0.0a_ZRD_LK - Cross-Site Request Forgery via Admin Password Change
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
by Osanda Malith Jayathissa
Easy File Management Web Server - Remote Stack Buffer Overflow (Metasploit)
by Metasploit
NetApp OnCommand Workflow Automation <3.0P1 - RCE
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
by Metasploit
ARRIS SBG901 - Cross-Site Request Forgery in goform/RgDdns
Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter.
by Blessen Thomas
Adobe Reader Mobile < 11.2 - Remote Code Execution via JavaScript in PDF
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.
by Metasploit
Yealink SIP-T38G - Authenticated OS Command Injection via cgiServer.exx System Method
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
by Mr.Un1k0d3r
Yealink SIP-T38G - Authenticated OS Command Injection via cgiServer.exx System Method
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
by Mr.Un1k0d3r
Yealink SIP-T38G - Authenticated Path Traversal via Page Parameter
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
by Mr.Un1k0d3r
netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial of Service
by A reliable source
ZeroCMS 1.0 - 'zero_transact_user.php' Handling Privilege Escalation
by Tiago Carvalho
PostgreSQL < 8.4.1 - Authenticated Denial of Service via Hashtable Size Calculation Overflow
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
by Bernt Marius Johnsen
AlienVault OSSIM <4.8.0 - Info Disclosure
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.
by James Fitts
Yealink SIP-T38G - Authenticated Path Traversal via dumpConfigFile Function
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.
by Mr.Un1k0d3r
Yealink SIP-T38G - Hardcoded Passwords for User, Admin, and Var Accounts
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.
by Mr.Un1k0d3r
ZTE / TP-Link RomPager - Denial of Service
by Osanda Malith Jayathissa
Plesk 10.4.4/11.0.9 - SSO XML External Entity / Cross-Site Scripting Injection
by BLacK ZeRo
Yealink VoIP Phones <28.72.0.2 - CRLF Injection
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.
by Jesus Oquendo
IBM AIX 6.1/7.1 & VIOS 2.2.x - Local Privilege Escalation
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
by Portcullis
Core FTP LE 2.2 build 1798 - Buffer Overflow
Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command.
by Gabor Seljan
SHOUTcast DNAS 2.2.1 - Cross-Site Scripting via MP3 Title Field
Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field.
by rob222
ZeroCMS 1.0 - SQL Injection via article_id Parameter
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
by LiquidWorm
JW Player for Flash & HTML5 Video Plugin < 2.1.4 - Cross-Site Request Forgery via Player Deletion
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.
by Tom Adams
WordPress Featured Comments 1.2.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php.
by Tom Adams
WebTitan < 4.01 - SQL Injection via categories-x.php sortkey Parameter
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.
by SEC Consult
By Source