Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-101373 EXPLOITDB text VERIFIED
Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution
by Marcel Mangold
EIP-2026-116733 EXPLOITDB ruby
Adrenalin Player 2.2.5.3 - '.m3u' Local Buffer Overflow (SEH) (ASLR + DEP Bypass)
by Muhamad Fadzil Ramli
EIP-2026-105854 EXPLOITDB text VERIFIED
CiMe Citas Médicas - Multiple Vulnerabilities
by vinicius777
CVE-2013-7179 EXPLOITDB text VERIFIED
Seowon Intech SWC-9100 - OS Command Injection via ping_ipaddr Parameter
The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter.
by Josue Rojas
CVE-2013-7183 EXPLOITDB text VERIFIED
Seowon Intech SWC-9100 - Unauthenticated Denial of Service via reboot.cgi
cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action.
by Josue Rojas
CVE-2014-0038 EXPLOITDB c VERIFIED
Linux Kernel recvmmsg Privilege Escalation
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
by rebel
CVE-2014-0038 EXPLOITDB c VERIFIED
Linux Kernel recvmmsg Privilege Escalation
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
by saelo
CVE-2014-1610 EXPLOITDB text VERIFIED
MediaWiki <1.22.2/<1.21.5/<1.19.11 - RCE
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
by @u0x
CVE-2014-0038 EXPLOITDB c
Linux Kernel recvmmsg Privilege Escalation
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
by Kees Cook
CVE-2014-125126 EXPLOITDB CRITICAL ruby VERIFIED
Simple E-Document 3.0-3.1 - File Upload
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise.
by Metasploit
CVE-2014-125125 EXPLOITDB HIGH text
A10 Networks AX Loadbalancer <2.7.0 - Path Traversal
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion.
by xistence
CVE-2012-3152 EXPLOITDB CRITICAL ruby
Oracle Reports Developer - Info Disclosure
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.
by Mekanismen
CVSS 9.1
CVE-2013-4730 EXPLOITDB python VERIFIED
PCMan's FTP Server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Mahmod Mahajna (Mahy)
CVE-2013-4730 EXPLOITDB python VERIFIED
PCMan's FTP Server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Mahmod Mahajna (Mahy)
EIP-2026-118631 EXPLOITDB python VERIFIED
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (SEH)
by Dario Estrada
EIP-2026-110559 EXPLOITDB text
pfSense 2.1 build 20130911-1816 - Directory Traversal
by @u0x
CVE-2014-100002 EXPLOITDB text
ManageEngine SupportCenter Plus < 7.9 - Path Traversal via WorkOrder.do Attach Parameter
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
by xistence
EIP-2026-109163 EXPLOITDB text VERIFIED
LinPHA 1.3.4 - Multiple Vulnerabilities
by killall-9
CVE-2012-3153 EXPLOITDB ruby
Oracle Forms and Reports Remote Code Execution
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file.
by Mekanismen
EIP-2026-102294 EXPLOITDB text
SimplyShare 1.4 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2014-1631 EXPLOITDB HIGH text VERIFIED
Eventum < 2.3.5 - Unauthenticated Application Reinstallation via Direct Setup Request
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
by High-Tech Bridge
CVSS 7.5
EIP-2026-119341 EXPLOITDB text
Ability Mail Server 2013 - Persistent Cross-Site Scripting / Cross-Site Request Forgery (Password Reset)
by David Um
CVE-2013-5791 EXPLOITDB python
Oracle Fusion Middleware 8.4.0-8.4.1 - Denial of Service in Outside In Filters
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name.
by Citadelo
CVE-2014-1631 EXPLOITDB HIGH text VERIFIED
Eventum < 2.3.5 - Unauthenticated Application Reinstallation via Direct Setup Request
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
by High-Tech Bridge
CVSS 7.5
CVE-2013-6674 EXPLOITDB text
SeaMonkey < 2.20 - Cross-Site Scripting via Data URL in IFRAME
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
by Vulnerability-Lab