Exploitdb Exploits
50,076 exploits tracked across all sources.
Apache Tomcat < 5.5.25 - Cross-Site Request Forgery via Manager Application
Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator.
by Ivano Binetti
Google Android <4.4 - Code Injection
Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability
by Jay Freeman
CVSS 9.8
Plogue Sforzando 1.665 - Buffer Overflow (SEH) (PoC)
by Mike Czumak
VideoCharge Watermark Master 2.2.23 - Remote Code Execution via Long SourcePath in WCF File
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
by metacom
WordPress Theme This Way - 'upload_settings_image.php' Arbitrary File Upload
by Bet0
WordPress Theme Think Responsive 1.0 - Arbitrary File Upload
by Byakuya Kouta
WordPress Theme Switchblade 1.3 - Arbitrary File Upload
by Byakuya Kouta
pdirl PHP Directory Listing 1.0.4 - Cross-Site Scripting
by Vulnerability-Lab
ImpressPages CMS 3.6 - 'manage()' Remote Code Execution
by LiquidWorm
ProcessMaker Open Source 2.x - Code Injection
A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPage_Ajax.php, and cases_SchedulerGetPlugins.php, by supplying crafted POST requests to parameters such as action and params. These endpoints fail to validate user input and directly invoke PHP functions like system() with user-supplied parameters, enabling remote code execution. The vulnerability affects both Linux and Windows installations and is present in default configurations of versions including 2.0.23 through 2.5.1. The vulnerable skin cannot be removed through the web interface, and exploitation requires only valid user credentials.
by Metasploit
Opsview < 4.4.1 - SQL Injection via service_selection Parameter
SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter.
by J. Oquendo
ImpressPages CMS 3.6 - Multiple Cross-Site Scripting / SQL Injection Vulnerabilities
by LiquidWorm
vtiger CRM 5.3 and 5.4 - Unrestricted Upload of File with Dangerous Type
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
by Metasploit
CVSS 8.8
NAS4Free <= 9.1.0.1.804 - Authenticated Remote Code Execution via Advanced Execute Command Feature
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.
by Metasploit
ISPConfig 3.0.5.2 - Arbitrary PHP Code Execution
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
by Metasploit
CVSS 8.8
PHP < 5.3.13 and 5.4.x < 5.4.3 - Denial of Service via Malformed CGI Query String
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
by noptrix
Zabbix 2.0.9 - Remote Command Execution
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
by Metasploit
CVSS 8.8
openmediavault - Authenticated Remote Code Execution via Cron Service Username Parameter
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
by Metasploit
CVSS 8.8
Moodle SpellChecker Path Authenticated Remote Command Execution
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.
by Metasploit
AudioCoder 0.8.22 - '.m3u' Local Buffer Overflow (SEH)
by Mike Czumak
Openbravo ERP <= 3.0 - Authenticated XML External Entity Injection via /ws/dal/XXX Interfaces
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
by Tod Beardsley
Unicorn Router WB-3300NR - Cross-Site Request Forgery (Factory Reset/DNS Change)
by absane
By Source