Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2010-4107 EXPLOITDB perl
HP 9000 - Path Traversal
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
by @0x00string
EIP-2026-109943 EXPLOITDB php VERIFIED
No-CMS 0.6.6 rev 1 - Admin Account Hijacking / Remote Code Execution via Static Encryption Key
by Mehmet Ince
CVE-2014-3757 EXPLOITDB text
phpmanufaktur kitform < 0.43 - SQL Injection via sorter_value Parameter
SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter.
by chapp
EIP-2026-107754 EXPLOITDB text VERIFIED
iDevAffiliate - 'idevads.php' SQL Injection
by Robert Cooper
CVE-2014-1322 EXPLOITDB c VERIFIED
macOS < 10.9.2 - Unprotected Kernel Pointer Exposure via XNU Object Attribute
The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.
by Ian Beer
CVE-2014-2976 EXPLOITDB text
Sixnet SixView Manager 2.4.1 - Unauthenticated Path Traversal via HTTP GET Request
Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.
by daniel svartman
CVE-2013-0634 EXPLOITDB ruby VERIFIED
Adobe Flash Player <10.3.183.51-11.5.502.149 - RCE
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.
by Metasploit
CVE-2014-2923 EXPLOITDB text VERIFIED
COMTREND CT-5361T Router - 'Password.cgi' Cross-Site Request Forgery (Admin Password Manipulation)
by TUNISIAN CYBER
CVE-2014-10019 EXPLOITDB text
Teracom T2-B-Gawv1.4U10Y-BI - Cross-Site Request Forgery in WLAN Country Settings
Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID or (2) change the password via a crafted request.
by Rakesh S
EIP-2026-111571 EXPLOITDB text VERIFIED
PTCeffect 4.6 - Local File Inclusion / SQL Injection
by walid naceri
EIP-2026-106018 EXPLOITDB text
CMSimple 4.4/4.4.2 - Remote File Inclusion
by NoGe
CVE-2014-2913 EXPLOITDB text
Nagios Remote Plugin Executor <2.15 - RCE
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments.
by Dawid Golunski
CVE-2014-2851 EXPLOITDB c
Linux Kernel < 3.14.1 - Use-After-Free in ping_init_sock
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
by Thomas Pollet
EIP-2026-101444 EXPLOITDB c
Sercomm TCP/32674 - Backdoor Reactivation
by Synacktiv
CVE-2014-0984 EXPLOITDB text VERIFIED
SAP Router - Timing Side-Channel Attack via Password Validation
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.
by Core Security
CVE-2014-0322 EXPLOITDB HIGH ruby VERIFIED
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.
by Metasploit
CVSS 8.8
CVE-2010-5300 EXPLOITDB python VERIFIED
Jzip <2.0.0.132900 - Buffer Overflow
Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.
by motaz reda
CVE-2014-3008 EXPLOITDB ruby
Unitrends Enterprise Backup 7.3.0 - Authenticated OS Command Injection via SNMPD Comm Parameter
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.
by Brandon Perry
CVE-2014-3139 EXPLOITDB ruby
Unitrends Enterprise Backup 7.3.0 - Unauthenticated Authentication Bypass via SNMPD Auth Parameter
recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.
by Brandon Perry
CVE-2014-3146 EXPLOITDB MEDIUM text VERIFIED
lxml < 3.3.5 - Cross-Site Scripting via Control Characters in Link Scheme
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
by Maksim Kochkin
CVSS 6.1
CVE-2014-3138 EXPLOITDB text
Xerox DocuShare - Authenticated SQL Injection via PATH_INFO to ResultBackgroundJobMultiple
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information.
by Brandon Perry
EIP-2026-101878 EXPLOITDB text
Netgear WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities
by Santhosh Kumar
CVE-2014-0514 EXPLOITDB text VERIFIED
Adobe Reader Mobile < 11.2 - Remote Code Execution via JavaScript in PDF
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.
by Yorick Koster
CVE-2014-125118 EXPLOITDB CRITICAL ruby VERIFIED
eScan Web Management Console <5.5-2 - Command Injection
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary commands via a specially crafted password value. Successful exploitation results in remote code execution. Privilege escalation to root is possible by abusing the runasroot utility with mwconf-level privileges.
by Metasploit
CVE-2014-0322 EXPLOITDB HIGH html VERIFIED
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.
by Jean-Jamil Khalife
CVSS 8.8