Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-1842 EXPLOITDB text
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
by Fara Rustein
CVE-2014-1841 EXPLOITDB text
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
by Fara Rustein
CVE-2014-125123 EXPLOITDB CRITICAL ruby VERIFIED
Kloxo < 6.1.12 - Unauthenticated SQL Injection via Login-Name Parameter
An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel (developed by LXCenter) prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the administrator’s password from the backend database. After recovering valid credentials, the attacker can authenticate to the Kloxo control panel and leverage the Command Center feature (display.php) to execute arbitrary operating system commands as root on the underlying host system. This vulnerability was reported to be exploited in the wild in January 2014.
by Metasploit
CVE-2014-1843 EXPLOITDB text
Titan FTP Server <10.40.1829 - Path Traversal
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.
by Fara Rustein
CVE-2014-1204 EXPLOITDB text VERIFIED
Tableau Server 8.0.x-8.0.6 and 8.1.x-8.1.1 - Authenticated SQL Injection
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.
by Trustwave's SpiderLabs
CVE-2013-2827 EXPLOITDB ruby VERIFIED
WellinTech KingSCADA < 3.1.2 Remote Code Execution via ActiveX ProjectURL Property
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value.
by Metasploit
CVE-2013-3881 EXPLOITDB ruby VERIFIED
Windows 7 SP1 and Windows Server 2008 R2 SP1 - Local Privilege Escalation via Win32k NULL Page
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
by Metasploit
EIP-2026-113774 EXPLOITDB text
WordPress Plugin Frontend Upload - Arbitrary File Upload
by Daniel Godoy
CVE-2014-1889 EXPLOITDB MEDIUM text
Buddypress <1.9.2 - Privilege Escalation
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
by Pietro Oliva
CVSS 6.5
EIP-2026-104676 EXPLOITDB perl VERIFIED
phpBB 3.0.8 - Remote Denial of Service
by Amir
EIP-2026-102310 EXPLOITDB text
WiFi Camera Roll 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-101645 EXPLOITDB text
D-Link DSL-2750B ADSL Route' - Cross-Site Request Forgery
by killall-9
CVE-2013-6282 EXPLOITDB HIGH c
Android get_user/put_user Exploit
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
by Piotr Szerman
CVSS 8.8
EIP-2026-109713 EXPLOITDB text VERIFIED
MyBB Extended Useradmininfo Plugin 1.2.1 - Cross-Site Scripting
by Fikri Fadzil
CVE-2014-0329 EXPLOITDB
ZTE ZXV10 W300 2.1.0 - Info Disclosure
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
by Cesar Neira
CVE-2014-0980 EXPLOITDB ruby VERIFIED
Publish-It PUI Buffer Overflow (SEH)
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
by Muhamad Fadzil Ramli
EIP-2026-115993 EXPLOITDB python
OneHTTPD 0.8 - Crash (PoC)
by Mahmod Mahajna (Mahy)
CVE-2014-125124 EXPLOITDB CRITICAL ruby VERIFIED
Pandora FMS <= 5.0RC1 - Unauthenticated Remote Command Execution via Anyterm p Parameter
An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell command, allowing arbitrary command execution as the pandora user. In certain versions (notably 4.1 and 5.0RC1), the pandora user can elevate privileges to root without a password using a chain involving the artica user account. This account is typically installed without a password and is configured to run sudo without authentication. Therefore, full system compromise is possible without any credentials.
by Metasploit
EIP-2026-111861 EXPLOITDB text VERIFIED
S9Y Serendipity 1.7.5 - 'Backend' Multiple Vulnerabilities
by Stefan Schurtz
CVE-2014-10033 EXPLOITDB text VERIFIED
osCommerce Online Merchant < 2.3.3.4 - Authenticated SQL Injection via zID Parameter
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
by Ahmed Aboul-Ela
CVE-2014-1459 EXPLOITDB text
doorGets CMS <= 5.2 - Authenticated SQL Injection via _position_down_id Parameter
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
CVE-2013-2639 EXPLOITDB text
CTERA Cloud Storage OS <3.2.29.0-3.2.42.0 - XSS
Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a project folder.
by Luigi Vezzoso
CVE-2014-1401 EXPLOITDB text
AuraCMS <= 2.3 - Authenticated SQL Injection via Search Parameter or HTTP Headers
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.
by High-Tech Bridge SA
EIP-2026-104684 EXPLOITDB perl VERIFIED
WHMCompleteSolution (WHMCS) 5.12 - 'cart.php' Denial of Service
by Amir
CVE-2013-4710 EXPLOITDB ruby VERIFIED
Android 3.0-4.1.x - Remote Code Execution via WebView.addJavascriptInterface
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
by Metasploit