Exploitdb Exploits
50,076 exploits tracked across all sources.
Python - Interpreter Heap Memory Corruption (PoC)
by Debasish Mandal
OpenFiler 2.99.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Dolev Farhi
Foscam IP Camera Firmware - Predictable Credential Generation in DynDNS Feature
Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server.
by Sergey Shekyan
Caldera 9.20 - SQL Injection via tr Parameter
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
by Thomas Fischer
Caldera 9.20 - SQL Injection via tr Parameter
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
by Thomas Fischer
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
by Metasploit
Adobe Flash Player Integer Underflow Remote Code Execution
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
by Metasploit
CVSS 9.8
TeamHelpdesk Customer Web Service (CWS) 8.3.5 & Technician Web Access (TWA) 8.3.5 - Remote User Credential Dump
by bhamb
PrestaShop - 'getSimilarManufacturer.php?id_manufacturer' SQL Injection
by indoushka
AssistMyTeam Team Helpdesk - Multiple Information Disclosure Vulnerabilities
by bhamb
Seagate BlackArmor NAS - Remote Code Execution via Session or Auth Name Parameter
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
by Shayan S
CVSS 9.8
Seagate BlackArmor NAS 220 and 110 Firmware - Use of Hard-coded Credentials
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
by Shayan S
CVSS 9.8
Crime24 Stealer Panel 1.0 - Multiple Vulnerabilities
by Daisuke Dan
Alienvault Open Source SIEM (OSSIM) - SQL Injection / Remote Code Execution (Metasploit)
by Metasploit
Apache Struts 2.0.0-2.3.16.1 and struts2-core < 2.3.20 - Remote Code Execution via CookieInterceptor
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
by Metasploit
F5 BIG-IQ Cloud and Security 4.0.0-4.1.0 - Authenticated Arbitrary Password Change via User Name Parameter
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.
by Brandon Perry
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting
by Dolev Farhi
AVM Fritz!Box - Remote Command Execution via var:lang Parameter
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
by 0x4148
Beetel 450TC2 Router Firmware TX6-0Q-005_retail - Cross-Site Request Forgery via Password Change
Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Password and uiViewTools_PasswordConfirm parameters to Forms/tools_admin_1.
by shyamkumar somana
Adobe Flash Player <11.7.700.257, 11.8.x, 11.9.x - RCE
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013.
by Metasploit
By Source