Exploitdb Exploits
50,076 exploits tracked across all sources.
IBM AIX 6.1/7.1 & VIOS 2.2.2.2-FP-26 SP-02 - Privilege Escalation
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
by Kristian Erik Hermansen
Windows XP/Vista/Server 2003/2008 RCE via Crafted Screensaver in Theme File
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."
by Metasploit
CVSS 8.1
Microsoft Internet Explorer <9 - Code Injection
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
by Metasploit
NOSpam PTI 2.1 - SQL Injection via comment_post_ID Parameter
SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter.
by Alexandro Silva
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
GLPI < 0.84.2 - Cross-Site Request Forgery and SQL Injection via Install Script
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
by Metasploit
Blue Coat ProxySG 5.x and Security Gateway OS - Denial of Service
by anonymous
Cisco Linksys WRT110 Firmware - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
by Metasploit
CVSS 8.8
SolarWinds Server and Application Monitor - ActiveX 'Pepco32c' Buffer Overflow
by blake
Lazy SEO 1.1.9 - Unauthenticated Arbitrary File Upload and Remote Code Execution via lazyseo.php
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/.
by Ashiyane Digital Security Team
FiberHome Modem Router HG-110 - Authentication Bypass To Remote Change DNS Servers
by Javier Perez
Joomla! Component JVideoClip 1.5.1 - 'uid' SQL Injection
by SixP4ck3r
OpenEMR < 4.1.1 Patch 14 - SQL Injection
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.
by xistence
CVSS 8.8
vtiger CRM < 5.4.0 - Authenticated SQL Injection via onlyforuser Parameter
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.
by High-Tech Bridge SA
Western Digital Arkeia < 10.0.10 - Remote Code Execution (Metasploit)
by xistence
WordPress Plugin RokMicroNews - 'thumb.php' Multiple Vulnerabilities
by MustLive
WordPress Plugin RokIntroScroller - 'thumb.php' Multiple Vulnerabilities
by MustLive
TeraCopy 2.3 - 'default.mo' Language File Integer Overflow
by LiquidWorm
WordPress Plugin RokNewsPager - 'thumb.php' Multiple Vulnerabilities
by MustLive
By Source