Exploitdb Exploits
50,076 exploits tracked across all sources.
DDSN Interactive cm3 Acora CMS - Info Disclosure
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.
by Pedro Andujar
Loftek Nexus 543 Firmware - Unauthenticated Sensitive Information Exposure via get_realip.cgi and get_status.cgi
The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) IP addresses via a request to get_realip.cgi or (2) firmware versions (ui and system), timestamp, serial number, p2p port number, and wifi status via a request to get_status.cgi.
by Craig Young
CVSS 7.5
Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution
by Aodrulez
dreamMail e-mail client 4.6.9.2 - Persistent Cross-Site Scripting
by loneferret
SearchBlox < 7.5 - Exposure of Sensitive Information via CollectionListServlet
servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action.
by Ricky Roane Jr
DeWeS web server <0.4.2 - Path Traversal
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.
by High-Tech Bridge SA
Ovidentia 6.6.5 - SQL Injection via Item Parameter in Contact Modify Action
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
by LiquidWorm
CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities
by Dylan Irzi
Redhat Openstack < 1.2.0 - Access Control
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
by Metasploit
VMware Workstation 8.x-9.x and Player 4.x-5.x - Privilege Escalation via PATH lsb_release Hijacking
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.
by Tavis Ormandy
Samba 3.x-3.5.21, 3.6.x-3.6.16, 4.x-4.0.7 - Denial of Service via Malformed NTTRANS Packet
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
by x90c
NETGEAR ProSafe Firmware - Sensitive Information Exposure via Direct Request
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.
by Juan J. Guelfo
NETGEAR ProSafe GS724Tv3/GS716Tv2 <5.4.1.13, GS748Tv4 5.4.1.14, GS510TP 5.0.4.4 - DoS via HTTP Request
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
by Juan J. Guelfo
freeFTPd < 1.0.10 - Stack-based Buffer Overflow via FTP PASS Command
A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.
by Wireghoul
CVSS 9.8
Adobe ColdFusion 9.0-9.0.2, 10 - Unauthenticated Authentication Bypass and Remote Code Execution via RDS Component
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
by Scott Buckel
CVSS 9.8
Oracle Java - 'BytePackedRaster.verify()' Signed Integer Overflow
by Packet Storm
Graphite 0.9.5-0.9.10 - Remote Code Execution via Unsafe Pickle Deserialization
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
by Metasploit
Digital Signage Xibo 1.4.2 - Cross-Site Request Forgery in index.php
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripting (XSS) attacks, as demonstrated by CVE-2013-4888.
by Jacob Holcomb
Xibo 1.4.2 - Cross-Site Scripting via Layout Parameter
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page.
by Jacob Holcomb
WordPress Plugin ThinkIT 0.1 - Multiple Vulnerabilities
by Yashar shahinzadeh
DeWeS web server <0.4.2 - Path Traversal
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.
by High-Tech Bridge
Bitbot (C2 Web Panel) - 'gate2.php' Multiple Vulnerabilities
by bwall
Sitecom N300/N600 Devices - Multiple Vulnerabilities
by Roberto Paleari
Samsung Smart Viewer - Unauthenticated Authentication Bypass via SessionID Cookie
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.
by Andrea Fabrizi
Schneider Electric PLC ETY Series Ethernet Controller - Denial of Service
by Arash Abedian
By Source