Exploitdb Exploits
50,076 exploits tracked across all sources.
Bugzilla 2.x-4.0.10, 4.1.x-4.2.6, 4.3.x-4.4.0 - Cross-Site Scripting via editflagtypes.cgi id or sortkey Parameter
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter.
by Mateusz Goik
HP LoadRunner < 11.52 - Remote Code Execution
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
by Metasploit
GestioIP - Remote Command Execution (Metasploit)
by Metasploit
WordPress Plugin WP-Realty - 'listing_id' SQL Injection
by Napsterakos
WordPress Plugin Quick Contact Form 6.0 - Persistent Cross-Site Scripting
by Zy0d0x
Alienvault Open Source SIEM (OSSIM) - 'Timestamp' Directory Traversal
by Ding Yu-Chi
Apple Motion 5.0.7 - Denial of Service via OZDocument::parseElement Integer Overflow
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file.
by Jean Pascal Pereira
davfs2 1.4.6-1.4.7 - Privilege Escalation via System Function in kernel_interface.c and mount_davfs.c
WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.
by Lorenzo Cantoni
WordPress Plugin Woopra Analytics - 'ofc_upload_image.php' Arbitrary PHP Code Execution
by wantexz
FlashChat 6.0.2, 6.0.4-6.0.8 - Unauthenticated Arbitrary File Upload via upload.php
An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers to upload malicious PHP scripts. Once uploaded, these scripts can be executed remotely, resulting in arbitrary code execution as the web server user.
by x-hayben21
SIEMENS Solid Edge ST4 SEListCtrlX - ActiveX Remote Code Execution (Metasploit)
by Metasploit
elproLOG MONITOR Webaccess 2.1 - Multiple Vulnerabilities
by Vulnerability-Lab
Aanval 7.1 build 70151 - Multiple Vulnerabilities
by xistence
HP ProCurve Manager and Application Lifecycle Management - Remote Code Execution via Marshalled Object
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.
by rgod
CVSS 9.8
FreeBSD Intel SYSRET Privilege Escalation
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
by CurcolHekerLink
WordPress Plugin SEO Watcher - 'ofc_upload_image.php' Arbitrary PHP Code Execution
by wantexz
SPAMINA Cloud Email Firewall - Directory Traversal
by Sisco Barrera
Gnew 2013.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors.
by High-Tech Bridge SA
Gnew < 2013.1 - Path Traversal via gnew_language Cookie
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie.
by High-Tech Bridge SA
Microsoft Internet Explorer 6-11 - Remote Code Execution via SetMouseCapture Use-After-Free
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
by Metasploit
CVSS 8.8
freeFTPd 1.0.10 - 'PASS' Remote Buffer Overflow (Metasploit)
by Metasploit
Gnew 2013.1 - SQL Injection via news_id, thread_id, or user_email Parameter
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates.
by High-Tech Bridge SA
GLPI < 0.84.2 - Cross-Site Request Forgery and SQL Injection via Install Script
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
by High-Tech Bridge SA
By Source