Exploitdb Exploits
50,076 exploits tracked across all sources.
Light Alloy < 4.7.3 - Remote Code Execution via Long URL in .m3u File
Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file.
by Mike Czumak
Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 - Remote Code Execution via VhttpdMgr
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action.
by Eduardo Gonzalez
WordPress Theme Suco - 'themify-ajax.php' Arbitrary File Upload
by DevilScreaM
PineApp Mail-SeCure 3.70 and earlier on 5099SK - Privilege Escalation via Sudoers Misconfiguration
PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account.
by Ruben Garrote García
SKIDATA Freemotion.Gate - Web Services Multiple Command Execution Vulnerabilities
by Dennis Kelly
nginx 0.8.41-1.4.3 and 1.5.x < 1.5.7 - URI Restriction Bypass via Unescaped Space Character
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
by Ivan Fratric
DeepOfix < 3.3 - Unauthenticated Authentication Bypass via Empty Password
The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.
by Gerardo Vazquez_ Eduardo Arriols
Ruckus Wireless Zoneflex 2942 <9.6.0.0.267 - Auth Bypass
Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt.
by myexploit
Kaseya KServer <6.3.0.2 - File Upload
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and input sanitation, an attacker can upload a file with an .asp extension to a web-accessible directory, which can then be invoked to execute arbitrary code with the privileges of the IUSR account. The vulnerability enables remote code execution without prior authentication and was resolved in version 6.3.0.2 by removing the vulnerable uploadImage.asp endpoint.
by Security-Assessment.com
WordPress Theme Make A Statement (MaS) - Cross-Site Request Forgery
by DevilScreaM
WordPress Theme Euclid 1.x - Cross-Site Request Forgery
by DevilScreaM
WordPress Theme Dimension - Cross-Site Request Forgery
by DevilScreaM
LiveZilla 5.0.1.4 - Remote Code Execution via Path Traversal
LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability
by Curesec Research Team
CVSS 9.8
ManageEngine Desktop Central 7.0-9.0 - Path Traversal & Arbitrary File Write via AgentLogUploader
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
by Security-Assessment.com
CVSS 9.8
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Unauthenticated Authentication Bypass via TCP Port 37777
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
by Jake Reynolds
Supermicro Onboard IPMI CGI Vulnerability Scanner
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.
by Metasploit
Limonade Framework - 'limonade.php' Local File Disclosure
by Yashar shahinzadeh
Google Gmail IOS Mobile Application - Persistent Cross-Site Scripting
by Ali Raza
CoolPlayer+ Portable 2.19.4 - Local Buffer Overflow
by Mike Czumak
WBR-3406 Wireless Broadband NAT Router - Web-Console Password Change Bypass / Cross-Site Request Forgery
by Yakir Wizman
LevelOne WBR-3406TX Router - Cross-Site Request Forgery
by Yakir Wizman
By Source