Exploitdb Exploits
50,076 exploits tracked across all sources.
MiCasaVerde VeraLite <1.5.408 - Privilege Escalation
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.
by Trustwave's SpiderLabs
CVSS 8.1
MiCasaVerde VeraLite <1.5.408 - Path Traversal
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.
by Trustwave's SpiderLabs
CVSS 6.5
vtiger CRM < 5.4.0 - Local File Inclusion and Remote Code Execution via customerportal.php
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
by EgiX
CVSS 8.1
Agnitum Outpost Internet Security 8.1 - Privilege Escalation
A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service.
by Ahmad Moghimi
Oracle Hyperion <11.1.2.305 - Info Disclosure
Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Intelligence Service.
by Richard Warren
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Ottomatik
HP Data Protector - Remote Code Execution via EXEC_SETUP Command
The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
by Ben Turner
Windows Vista/7/8, Server 2008/2012, RT - Privilege Escalation via Win32k Window Broadcast
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
by Metasploit
TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) Crash (PoC)
by d3b4g
PineApp Mail-SeCure - 'livelog.html' Arbitrary Command Execution (Metasploit)
by Metasploit
WordPress Plugin Better WP Security 3.4.8/3.4.9/3.4.10/3.5.2/3.5.3 - Persistent Cross-Site Scripting
by Richard Warren
vtiger CRM 5.1.0-5.4.0 - Authentication Bypass via Improper Session Validation
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
by EgiX
CVSS 9.8
Telmanik CMS Press 1.01b - 'pages.php?page_name' SQL Injection
by Anarchy Angel
Timeline Plugin 4.2.5p9 for SocialEngine - Arbitrary File Upload & RCE via User Profile
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/.
by spyk2r
Ginkgo CMS 5.0 - SQL Injection
SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php.
by Raw-x
Cotonti Siena < 0.9.14 - SQL Injection via RSS Module c Parameter
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
by High-Tech Bridge SA
BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)
by Yashar shahinzadeh
PineApp Mail-SeCure - 'test_li_connection.php' Arbitrary Command Execution (Metasploit)
by Metasploit
PineApp Mail-SeCure - 'ldapsyncnow.php' Arbitrary Command Execution (Metasploit)
by Metasploit
Linux Kernel < 3.7.6 - Local Privilege Escalation via MSR Device Access
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
by spender
Western Digital My Net - Info Disclosure
main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code.
by Kyle Lovett
TP-Link IP Cameras <LM.1.6.18P12_sign6 - RCE
cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action.
by Core Security
MiCasaVerde VeraLite <1.5.408 - CSRF
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.
by Trustwave's SpiderLabs
CVSS 6.5
By Source