Exploitdb Exploits
50,076 exploits tracked across all sources.
Gallery Manager Plugin < 3.3.4 rev40279 - Unauthenticated Arbitrary File Upload and RCE via upload-images.php
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.
by Vulnerability-Lab
Agnitum Outpost Internet Security 8.1 - Privilege Escalation
A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service.
by Metasploit
OpenEMR < 4.1.1 Patch 14 - SQL Injection
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.
by xistence
CVSS 8.8
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Rick Flores
Oracle Java SE <7u21,6u45,5u45 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
by Packet Storm
HP Identity Driven Manager 4.0 - Remote Code Execution via UpdateCertificatesServlet File Upload
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
by Metasploit
HP Identity Driven Manager 4.0 - Remote Code Execution via SNAC UpdateDomainControllerServlet
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
by Metasploit
D-Link Devices - UPnP SOAP TelnetD Command Execution (Metasploit)
by Metasploit
WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities
by MustLive
Western Digital Arkeia Appliance 10.0.10 - Multiple Vulnerabilities
by xistence
Firefox < 24.0 - Same Origin Policy Bypass and Cross-Site Scripting via Symlink and file: URL
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.
by Takeshi Terada
Sophos Web Appliance <3.7.9.1, <3.8.1.1 - Command Injection
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
by Metasploit
Sophos Web Appliance <3.7.9.1, <3.8-3.8.1.1 - Privilege Escalation
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
by Metasploit
GNOME Vino < 3.7.3 - Denial of Service via Authentication Error Handling
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.
by Trustwave's SpiderLabs
Mitsubishi Electric Automation MC-WorX Suite 8.02 - RCE
An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.
by blake
Router ONO Hitron CDE-30364 - Cross-Site Request Forgery
by Matias Mingorance Svensson
zimplit_cms < 3.0 - Cross-Site Scripting via file and client Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
by Yashar shahinzadeh
WordPress Plugin mukioplayer4wp - 'cid' SQL Injection
by Ashiyane Digital Security Team
Microsoft SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
by Vulnerability-Lab
Target Longlife Media Player 2.0.2.0 - '.wav' Crash (PoC)
by gunslinger_
Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities
by Andrea Fabrizi
Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
D-Link DSL-2740B Firmware EU_1.00 - Cross-Site Request Forgery via Wireless MAC Filter, Firewall, or Remote Management
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd.
by Ivano Binetti
Microsoft Internet Explorer 6-10 - Local Privilege Escalation via Sandboxed Code Execution
Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code.
by Metasploit
By Source