Exploitdb Exploits
50,076 exploits tracked across all sources.
Magnolia Form module <1.4.7-2.0.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.
by High-Tech Bridge
FOSCAM IP Camera FI8620 - Info Disclosure
An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information.
by Core Security
CVSS 7.5
D-Link DIR-300, DIR-600 < 2.17b01, DIR-645 < 1.04b11, DIR-845 < 1.02b03, DIR-865 - OS Command Injection
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
by Metasploit
CVSS 9.8
VMware vCenter Chargeback Manager < 2.5.1 - Remote Code Execution via Unsafe Upload Handling
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.
by Metasploit
Super Player 3500 - '.m3u' Local Stack Buffer Overflow
by jun
XnView < 2.04 - Remote Code Execution via Crafted PCT File
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.
by Core Security
Microsoft Windows - Remote Code Execution via Crafted GIF File
DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
by Andrés Gómez Ramírez
Artweaver < 3.1.6 - Buffer Overflow via Crafted AWD File
Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file.
by Core Security
Redhat Openstack < 1.2.0 - Code Injection
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
by Metasploit
Samsung PS50C7700 Television Firmware - Denial of Service via Long URI to TCP Port 5600
The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600.
by Malik Mesellem
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by MSJ
HP Managed Printing Administration <2.6.4 - Path Traversal
Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
by Metasploit
Apple QuickTime < 7.7.4 - Remote Code Execution via Crafted Dref Atoms
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.
by Metasploit
WordPress Plugin FlagEm - 'cID' Cross-Site Scripting
by IeDb ir
MLM (Multi Level Marketing) Script - Multiple Vulnerabilities
by 3spi0n
Barracuda LB / SVF / WAF / WEF - Multiple Vulnerabilities
by Vulnerability-Lab
Dell PacketTrap PSA 7.1 - Multiple Cross-Site Scripting Vulnerabilities
by Vulnerability-Lab
Dell PacketTrap MSP RMM 6.6.x - Multiple Cross-Site Scripting Vulnerabilities
by Vulnerability-Lab
Symantec Workspace Virtualization <6.4.1953.0 - Privilege Escalation
Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operating system.
by MJ0011
By Source