Exploitdb Exploits
50,076 exploits tracked across all sources.
Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution
by Marcel Mangold
Adrenalin Player 2.2.5.3 - '.m3u' Local Buffer Overflow (SEH) (ASLR + DEP Bypass)
by Muhamad Fadzil Ramli
CiMe Citas Médicas - Multiple Vulnerabilities
by vinicius777
Seowon Intech SWC-9100 - OS Command Injection via ping_ipaddr Parameter
The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter.
by Josue Rojas
Seowon Intech SWC-9100 - Unauthenticated Denial of Service via reboot.cgi
cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action.
by Josue Rojas
Linux Kernel recvmmsg Privilege Escalation
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
by rebel
Linux Kernel recvmmsg Privilege Escalation
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
by saelo
MediaWiki <1.22.2/<1.21.5/<1.19.11 - RCE
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
by @u0x
Linux Kernel recvmmsg Privilege Escalation
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
by Kees Cook
Simple E-Document 3.0-3.1 - File Upload
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise.
by Metasploit
A10 Networks AX Loadbalancer <2.7.0 - Path Traversal
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion.
by xistence
Oracle Reports Developer - Info Disclosure
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.
by Mekanismen
CVSS 9.1
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Mahmod Mahajna (Mahy)
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Mahmod Mahajna (Mahy)
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (SEH)
by Dario Estrada
ManageEngine SupportCenter Plus < 7.9 - Path Traversal via WorkOrder.do Attach Parameter
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
by xistence
Oracle Forms and Reports Remote Code Execution
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file.
by Mekanismen
Eventum < 2.3.5 - Unauthenticated Application Reinstallation via Direct Setup Request
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
by High-Tech Bridge
CVSS 7.5
Ability Mail Server 2013 -Persistent Cross-Site Scripting / Cross-Site Request Forgery (Password Reset)
by David Um
Oracle Fusion Middleware 8.4.0-8.4.1 - Denial of Service in Outside In Filters
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name.
by Citadelo
Eventum < 2.3.5 - Unauthenticated Application Reinstallation via Direct Setup Request
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
by High-Tech Bridge
CVSS 7.5
SeaMonkey < 2.20 - Cross-Site Scripting via Data URL in IFRAME
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
by Vulnerability-Lab
By Source