Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-4862 EXPLOITDB HIGH text VERIFIED
MiCasaVerde VeraLite <1.5.408 - Privilege Escalation
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.
by Trustwave's SpiderLabs
CVSS 8.1
CVE-2013-4861 EXPLOITDB MEDIUM text VERIFIED
MiCasaVerde VeraLite <1.5.408 - Path Traversal
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.
by Trustwave's SpiderLabs
CVSS 6.5
CVE-2013-3212 EXPLOITDB HIGH text
vtiger CRM < 5.4.0 - Local File Inclusion and Remote Code Execution via customerportal.php
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
by EgiX
CVSS 8.1
CVE-2013-10046 EXPLOITDB HIGH text VERIFIED
Agnitum Outpost Internet Security 8.1 - Privilege Escalation
A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service.
by Ahmad Moghimi
CVE-2013-3803 EXPLOITDB text VERIFIED
Oracle Hyperion <11.1.2.305 - Info Disclosure
Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Intelligence Service.
by Richard Warren
CVE-2013-4730 EXPLOITDB python VERIFIED
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Ottomatik
CVE-2011-0922 EXPLOITDB ruby VERIFIED
HP Data Protector - Remote Code Execution via EXEC_SETUP Command
The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
by Ben Turner
CVE-2013-0008 EXPLOITDB ruby VERIFIED
Windows Vista/7/8, Server 2008/2012, RT - Privilege Escalation via Win32k Window Broadcast
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
by Metasploit
EIP-2026-116392 EXPLOITDB text
TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) Crash (PoC)
by d3b4g
EIP-2026-115202 EXPLOITDB python VERIFIED
EchoVNC Viewer - Remote Denial of Service
by Z3r0n3
EIP-2026-114799 EXPLOITDB ruby VERIFIED
PineApp Mail-SeCure - 'livelog.html' Arbitrary Command Execution (Metasploit)
by Metasploit
EIP-2026-113594 EXPLOITDB text
WordPress Plugin Better WP Security 3.4.8/3.4.9/3.4.10/3.5.2/3.5.3 - Persistent Cross-Site Scripting
by Richard Warren
CVE-2013-3215 EXPLOITDB CRITICAL text
vtiger CRM 5.1.0-5.4.0 - Authentication Bypass via Improper Session Validation
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
by EgiX
CVSS 9.8
EIP-2026-112590 EXPLOITDB text
Telmanik CMS Press 1.01b - 'pages.php?page_name' SQL Injection
by Anarchy Angel
CVE-2013-4898 EXPLOITDB text
Timeline Plugin 4.2.5p9 for SocialEngine - Arbitrary File Upload & RCE via User Profile
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/.
by spyk2r
CVE-2013-5318 EXPLOITDB text VERIFIED
Ginkgo CMS 5.0 - SQL Injection
SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php.
by Raw-x
EIP-2026-107310 EXPLOITDB text
FunGamez - Arbitrary File Upload
by cr4wl3r
CVE-2013-4789 EXPLOITDB text VERIFIED
Cotonti Siena < 0.9.14 - SQL Injection via RSS Module c Parameter
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
by High-Tech Bridge SA
EIP-2026-105467 EXPLOITDB html
BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)
by Yashar shahinzadeh
EIP-2026-104764 EXPLOITDB ruby VERIFIED
PineApp Mail-SeCure - 'test_li_connection.php' Arbitrary Command Execution (Metasploit)
by Metasploit
EIP-2026-104763 EXPLOITDB ruby
PineApp Mail-SeCure - 'ldapsyncnow.php' Arbitrary Command Execution (Metasploit)
by Metasploit
CVE-2013-0268 EXPLOITDB c
Linux Kernel < 3.7.6 - Local Privilege Escalation via MSR Device Access
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
by spender
CVE-2013-5006 EXPLOITDB text
Western Digital My Net - Info Disclosure
main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code.
by Kyle Lovett
CVE-2013-2581 EXPLOITDB text VERIFIED
TP-Link IP Cameras <LM.1.6.18P12_sign6 - RCE
cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action.
by Core Security
CVE-2013-4865 EXPLOITDB MEDIUM text VERIFIED
MiCasaVerde VeraLite <1.5.408 - CSRF
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.
by Trustwave's SpiderLabs
CVSS 6.5