Exploitdb Exploits
50,076 exploits tracked across all sources.
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
by Fara Rustein
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
by Fara Rustein
Kloxo < 6.1.12 - Unauthenticated SQL Injection via Login-Name Parameter
An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel (developed by LXCenter) prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the administrator’s password from the backend database. After recovering valid credentials, the attacker can authenticate to the Kloxo control panel and leverage the Command Center feature (display.php) to execute arbitrary operating system commands as root on the underlying host system. This vulnerability was reported to be exploited in the wild in January 2014.
by Metasploit
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.
by Fara Rustein
Tableau Server 8.0.x-8.0.6 and 8.1.x-8.1.1 - Authenticated SQL Injection
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.
by Trustwave's SpiderLabs
WellinTech KingSCADA < 3.1.2 Remote Code Execution via ActiveX ProjectURL Property
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value.
by Metasploit
Windows 7 SP1 and Windows Server 2008 R2 SP1 - Local Privilege Escalation via Win32k NULL Page
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
by Metasploit
WordPress Plugin Frontend Upload - Arbitrary File Upload
by Daniel Godoy
Buddypress <1.9.2 - Privilege Escalation
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
by Pietro Oliva
CVSS 6.5
WiFi Camera Roll 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
D-Link DSL-2750B ADSL Route' - Cross-Site Request Forgery
by killall-9
Android get_user/put_user Exploit
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
by Piotr Szerman
CVSS 8.8
MyBB Extended Useradmininfo Plugin 1.2.1 - Cross-Site Scripting
by Fikri Fadzil
CVE-2014-0329
EXPLOITDB
ZTE ZXV10 W300 2.1.0 - Info Disclosure
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
by Cesar Neira
Publish-It PUI Buffer Overflow (SEH)
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
by Muhamad Fadzil Ramli
Pandora FMS <= 5.0RC1 - Unauthenticated Remote Command Execution via Anyterm p Parameter
An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell command, allowing arbitrary command execution as the pandora user. In certain versions (notably 4.1 and 5.0RC1), the pandora user can elevate privileges to root without a password using a chain involving the artica user account. This account is typically installed without a password and is configured to run sudo without authentication. Therefore, full system compromise is possible without any credentials.
by Metasploit
S9Y Serendipity 1.7.5 - 'Backend' Multiple Vulnerabilities
by Stefan Schurtz
osCommerce Online Merchant < 2.3.3.4 - Authenticated SQL Injection via zID Parameter
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
by Ahmed Aboul-Ela
doorGets CMS <= 5.2 - Authenticated SQL Injection via _position_down_id Parameter
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
CTERA Cloud Storage OS <3.2.29.0-3.2.42.0 - XSS
Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a project folder.
by Luigi Vezzoso
AuraCMS <= 2.3 - Authenticated SQL Injection via Search Parameter or HTTP Headers
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.
by High-Tech Bridge SA
WHMCompleteSolution (WHMCS) 5.12 - 'cart.php' Denial of Service
by Amir
Android 3.0-4.1.x - Remote Code Execution via WebView.addJavascriptInterface
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
by Metasploit
By Source