Exploitdb Exploits
50,076 exploits tracked across all sources.
Adobe ColdFusion 9.0-9.0.2, 10 - Unauthenticated Authentication Bypass and Remote Code Execution via RDS Component
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
by Metasploit
CVSS 9.8
Piranha Configuration Tool 0.8.6 - Unauthenticated Configuration Access via HTTP POST Request
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.
by Andreas Schiermeier
Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
PlaySms 0.9.9.2 - Cross-Site Request Forgery
by Saadi Siddiqui
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
by Vulnerability-Lab
Linux kernel < 3.12 - Info Disclosure
The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.
by Mathy Vanhoef
osCMax - Arbitrary File Upload / Full Path Information Disclosure
by KedAns-Dz
WordPress Plugin PhotoSmash Galleries - 'bwbps-uploader.php' Arbitrary File Upload
by Ashiyane Digital Security Team
WordPress Download Mgr < 2.5.9 - XSS
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.
by Jeroen - IT Nerdbox
Print n Share 5.5 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
Apple Safari For Windows - PhishingAlert Security Bypass
by Jackmasa
WordPress Plugin page-flip-image-gallery - Arbitrary File Upload
by Ashiyane Digital Security Team
WordPress Plugin Easy Career Openings - 'jobid' SQL Injection
by Iranian_Dark_Coders_Team
WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure
by aceeeeeeeer .
NeoBill 0.9-alpha - 'language' Local File Inclusion
by KedAns-Dz
NeoBill - '/modules/nullregistrar/PHPwhois/example.php?query' Remote Code Execution
by KedAns-Dz
NeoBill - '/install/include/solidstate.php' Multiple SQL Injections
by KedAns-Dz
Enorth Webpublisher CMS < 5.0 - SQL Injection via thisday Parameter
SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter.
by xin.wang
Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection
by Filip Waeytens
BoxBilling 3.6.11 - 'mod_notification' Persistent Cross-Site Scripting
by LiquidWorm
Zimbra 7.2.2-8.0.2 - Path Traversal
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
by rubina119
D-Link DSR Series Firmware - SQL Injection via Login Password Parameter
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
by 0_o
CVSS 9.8