Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102821 EXPLOITDB c VERIFIED
Docker 0.11 - VMM-Container Breakout
by Sebastian Krahmer
CVE-2014-4155 EXPLOITDB text
ZTE ZXV10 W300 Firmware W300V1.0.0a_ZRD_LK - Cross-Site Request Forgery via Admin Password Change
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
by Osanda Malith Jayathissa
EIP-2026-118455 EXPLOITDB ruby VERIFIED
Easy File Management Web Server - Remote Stack Buffer Overflow (Metasploit)
by Metasploit
CVE-2015-3292 EXPLOITDB ruby VERIFIED
NetApp OnCommand Workflow Automation <3.0P1 - RCE
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
by Metasploit
CVE-2014-3778 EXPLOITDB text
ARRIS SBG901 - Cross-Site Request Forgery in goform/RgDdns
Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter.
by Blessen Thomas
CVE-2014-0514 EXPLOITDB ruby VERIFIED
Adobe Reader Mobile < 11.2 - Remote Code Execution via JavaScript in PDF
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.
by Metasploit
CVE-2013-5758 EXPLOITDB text
Yealink SIP-T38G - Authenticated OS Command Injection via cgiServer.exx System Method
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
by Mr.Un1k0d3r
CVE-2013-5758 EXPLOITDB text
Yealink SIP-T38G - Authenticated OS Command Injection via cgiServer.exx System Method
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
by Mr.Un1k0d3r
CVE-2013-5756 EXPLOITDB text
Yealink SIP-T38G - Authenticated Path Traversal via Page Parameter
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
by Mr.Un1k0d3r
EIP-2026-115919 EXPLOITDB text VERIFIED
netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial of Service
by A reliable source
EIP-2026-114622 EXPLOITDB python VERIFIED
ZeroCMS 1.0 - 'zero_transact_user.php' Handling Privilege Escalation
by Tiago Carvalho
CVE-2010-0733 EXPLOITDB text VERIFIED
PostgreSQL < 8.4.1 - Authenticated Denial of Service via Hashtable Size Calculation Overflow
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
by Bernt Marius Johnsen
CVE-2014-4153 EXPLOITDB ruby
AlienVault OSSIM <4.8.0 - Info Disclosure
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.
by James Fitts
CVE-2013-5757 EXPLOITDB text
Yealink SIP-T38G - Authenticated Path Traversal via dumpConfigFile Function
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.
by Mr.Un1k0d3r
CVE-2013-5755 EXPLOITDB text
Yealink SIP-T38G - Hardcoded Passwords for User, Admin, and Var Accounts
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.
by Mr.Un1k0d3r
EIP-2026-101116 EXPLOITDB python
ZTE / TP-Link RomPager - Denial of Service
by Osanda Malith Jayathissa
EIP-2026-100018 EXPLOITDB php
Plesk 10.4.4/11.0.9 - SSO XML External Entity / Cross-Site Scripting Injection
by BLacK ZeRo
CVE-2014-3427 EXPLOITDB text VERIFIED
Yealink VoIP Phones <28.72.0.2 - CRLF Injection
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.
by Jesus Oquendo
CVE-2014-3977 EXPLOITDB text VERIFIED
IBM AIX 6.1/7.1 & VIOS 2.2.x - Local Privilege Escalation
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
by Portcullis
CVE-2014-4643 EXPLOITDB python VERIFIED
Core FTP LE 2.2 build 1798 - Buffer Overflow
Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command.
by Gabor Seljan
CVE-2014-4166 EXPLOITDB text VERIFIED
SHOUTcast DNAS 2.2.1 - Cross-Site Scripting via MP3 Title Field
Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field.
by rob222
CVE-2014-4034 EXPLOITDB text VERIFIED
ZeroCMS 1.0 - SQL Injection via article_id Parameter
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
by LiquidWorm
CVE-2014-4030 EXPLOITDB text VERIFIED
JW Player for Flash & HTML5 Video Plugin < 2.1.4 - Cross-Site Request Forgery via Player Deletion
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.
by Tom Adams
CVE-2014-4163 EXPLOITDB text VERIFIED
WordPress Featured Comments 1.2.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php.
by Tom Adams
CVE-2014-4307 EXPLOITDB text
WebTitan < 4.01 - SQL Injection via categories-x.php sortkey Parameter
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.
by SEC Consult