Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-5962 EXPLOITDB text
Gallery Manager Plugin < 3.3.4 rev40279 - Unauthenticated Arbitrary File Upload and RCE via upload-images.php
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.
by Vulnerability-Lab
CVE-2013-10046 EXPLOITDB HIGH ruby VERIFIED
Agnitum Outpost Internet Security 8.1 - Privilege Escalation
A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service.
by Metasploit
CVE-2013-10044 EXPLOITDB HIGH text VERIFIED
OpenEMR < 4.1.1 Patch 14 - SQL Injection
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.
by xistence
CVSS 8.8
CVE-2013-4730 EXPLOITDB ruby
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Rick Flores
CVE-2013-2472 EXPLOITDB text
Oracle Java SE <7u21,6u45,5u45 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
by Packet Storm
CVE-2013-4812 EXPLOITDB ruby VERIFIED
HP Identity Driven Manager 4.0 - Remote Code Execution via UpdateCertificatesServlet File Upload
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
by Metasploit
CVE-2013-4811 EXPLOITDB ruby VERIFIED
HP Identity Driven Manager 4.0 - Remote Code Execution via SNAC UpdateDomainControllerServlet
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
by Metasploit
EIP-2026-114782 EXPLOITDB ruby VERIFIED
D-Link Devices - UPnP SOAP TelnetD Command Execution (Metasploit)
by Metasploit
EIP-2026-114017 EXPLOITDB text VERIFIED
WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities
by MustLive
EIP-2026-113394 EXPLOITDB text VERIFIED
Western Digital Arkeia Appliance 10.0.10 - Multiple Vulnerabilities
by xistence
CVE-2013-1727 EXPLOITDB java VERIFIED
Firefox < 24.0 - Same Origin Policy Bypass and Cross-Site Scripting via Symlink and file: URL
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.
by Takeshi Terada
CVE-2013-4983 EXPLOITDB ruby VERIFIED
Sophos Web Appliance <3.7.9.1, <3.8.1.1 - Command Injection
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
by Metasploit
CVE-2013-4984 EXPLOITDB ruby VERIFIED
Sophos Web Appliance <3.7.9.1, <3.8-3.8.1.1 - Privilege Escalation
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
by Metasploit
CVE-2013-5745 EXPLOITDB text VERIFIED
GNOME Vino < 3.7.3 - Denial of Service via Authentication Error Handling
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.
by Trustwave's SpiderLabs
CVE-2013-2817 EXPLOITDB html
Mitsubishi Electric Automation MC-WorX Suite 8.02 - RCE
An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.
by blake
EIP-2026-101962 EXPLOITDB text
Router ONO Hitron CDE-30364 - Cross-Site Request Forgery
by Matias Mingorance Svensson
CVE-2010-4513 EXPLOITDB text VERIFIED
zimplit_cms < 3.0 - Cross-Site Scripting via file and client Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
by Yashar shahinzadeh
EIP-2026-113910 EXPLOITDB text VERIFIED
WordPress Plugin mukioplayer4wp - 'cid' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-101107 EXPLOITDB python
Vestel TV 42pf9322 - Denial of Service
by HackerSofi
CVE-2013-3179 EXPLOITDB text
Microsoft SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
by Vulnerability-Lab
EIP-2026-116385 EXPLOITDB python VERIFIED
Target Longlife Media Player 2.0.2.0 - '.wav' Crash (PoC)
by gunslinger_
EIP-2026-103324 EXPLOITDB text
Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities
by Andrea Fabrizi
EIP-2026-102299 EXPLOITDB text
Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-5730 EXPLOITDB text
D-Link DSL-2740B Firmware EU_1.00 - Cross-Site Request Forgery via Wireless MAC Filter, Firewall, or Remote Management
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd.
by Ivano Binetti
CVE-2013-4015 EXPLOITDB ruby VERIFIED
Microsoft Internet Explorer 6-10 - Local Privilege Escalation via Sandboxed Code Execution
Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code.
by Metasploit