Exploitdb Exploits
50,076 exploits tracked across all sources.
InstantCMS < 1.6 - Remote PHP Code Execution via Search View Handler
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote attacker can exploit this flaw by sending a crafted HTTP GET request with a base64-encoded payload in the Cmd header, resulting in arbitrary PHP code execution within the context of the web server.
by Metasploit
CVSS 9.8
OpenX 2.8.10 - Cross-Site Request Forgery via Plugin Preferences and Settings
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
by High-Tech Bridge SA
Kasseler CMS < 2 - Cross-Site Request Forgery via Admin PHP Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.
by High-Tech Bridge SA
Mobile Atlas Creator 1.9.12 - Persistent Command Injection
by Vulnerability-Lab
ABBS Audio Media Player - '.LST' Local Buffer Overflow (Metasploit)
by Metasploit
Android 1.6-4.2 - Unauthenticated Arbitrary Code Execution via APK Signature Bypass
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability.
by Bluebox Security
Machform 2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via view.php
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
by Yashar shahinzadeh
Machform 2 - SQL Injection via element_2 Parameter
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.
by Yashar shahinzadeh
Microsoft Windows - Denial of Service via EPATHOBJ::bFlatten Path Traversal
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
by Metasploit
Winamp <5.64 Build 3418 - Buffer Overflow
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
by Julien Ahrens
Winamp 5.63 - Arbitrary Code Execution via Invalid Pointer Dereference
Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution
by Julien Ahrens
CVSS 7.8
WordPress Plugin WP Feed - 'nid' SQL Injection
by Iranian Exploit DataBase
Category Grid View Gallery 2.3.1 - Cross-Site Scripting via ID Parameter
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
by Iranian Exploit DataBase
Machform 2 - Cross-Site Scripting via view.php element_2 Parameter
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
by Yashar shahinzadeh
Fujitsu M10 Firmware < 2290 - Unauthenticated Password Hash Exposure via IPMI RAKP HMAC
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
by Dan Farmer
CVSS 7.5
RealNetworks RealPlayer <16.0.2.32 - DoS
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.
by Akshaysinh Vaghela
Static HTTP Server 1.0 - Buffer Overflow
Static HTTP Server 1.0 has a Local Overflow
by Jacob Holcomb
CVSS 9.8
Adrenalin Player 2.2.5.3 - '.wvx' Local Buffer Overflow (SEH)
by MrXors
VideoLAN VLC Media Player 2.0.7 - '.png' Crash (PoC)
by Kevin Fujimoto
Microsoft Windows Media Player 11.0.5721.5230 - Memory Corruption
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.
by Asesino04
GLPI < 0.83.9 - Unauthenticated PHP Object Unserialization via _predefined_fields Parameter
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
by Xavier Mehrenberger
By Source