Exploitdb Exploits
50,076 exploits tracked across all sources.
Oracle GlassFish Server <12.1.2 - Info Disclosure
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.
by Alex Kouzemtchenko
DornCMS Application 1.4 - Multiple Web Vulnerabilities
by Vulnerability-Lab
UbiDisk File Manager 2.0 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
OliveOffice Mobile Suite 2.0.3 iOS - Local File Inclusion
by Vulnerability-Lab
My File Explorer 1.3.1 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
iPhone OS < 6.1.4 - Passcode Lock Bypass via Race Condition
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
by Vulnerability-Lab
Level One Enterprise Access Point (Multiple Devices) - 'backupCfg.cgi' Security Bypass
by Richard Weinberger
Cart66 Lite Plugin < 1.5.1.15 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php.
by absane
Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Local Buffer Overflow (SEH)
by metacom
Cart66 Lite Plugin < 1.5.1.14 - Cross-Site Scripting via Product Name or Price Description
Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.
by absane
CVSS 6.1
StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 - Arbitrary File Reading
by spiderboy
VMware Hyperic HQ 4.6.6 - Authenticated Remote Code Execution via Groovy Script Console
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.
by Metasploit
D-Link DIR-100 - Authenticated Stack-Based Buffer Overflow via Ping Diagnostic Parameter
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.
by Craig Heffner
Android < 4.0.3 - Denial of Service via Zygote Process Fork Request
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.
by Luca Verderame
vBulletin 4.1 and 5 - Unauthenticated Administrative Account Creation via install/upgrade.php
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.
by Joshua Rogers
FortiAnalyzer < 5.0.5 - Cross-Site Request Forgery via csrf_token Parameter
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
by William Costa
IBM Cognos Business Intelligence 8.4.1-10.2.1.1 - Authenticated XML External Entity Injection
IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by IBM
ALLPlayer 5.6.2-5.8.1 - Buffer Overflow via .m3u Playlist File
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
by metacom
Ziteman CMS - Login Page SQL Injection
by Ashiyane Digital Security Team
Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection
by Giuseppe D'Amore
ONO Hitron CDE-30364 Router - Denial of Service
by Matias Mingorance Svensson
Bugzilla 4.1.x-4.2.x < 4.2.7 and 4.3.x-4.4.x < 4.4.1 - Cross-Site Scripting via Tabular Report Field Values
Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189.
by Mateusz Goik
By Source