Exploitdb Exploits
50,083 exploits tracked across all sources.
WordPress Plugin User Role Editor 3.12 - Cross-Site Request Forgery
by Henry Hoggard
WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities
by waraxe
WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities
by waraxe
RadioCMS 2.2 - SQL Injection via meneger.php playlist_id Parameter
SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
by Rooster(XEKA)
Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' Handling Local Command Execution
by Vulnerability-Lab
D-Link DIR-615H1 <8.04 - Command Injection
An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the tools_vct.htm diagnostic interface, allowing attackers to inject arbitrary shell commands using backtick encapsulation. With default credentials, an attacker can exploit this blind injection vector to execute arbitrary commands.
by Metasploit
CVSS 7.2
Linksys router <v2.0.03 - Command Injection
An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the ping_size parameter during diagnostic operations. An attacker with valid credentials can inject arbitrary shell commands, enabling remote code execution.
by Metasploit
Kimai 0.9.2.x - Unauthenticated SQL Injection via db_restore.php dates[] Parameter
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3.
by drone
Windows - Local Privilege Escalation via EPATHOBJ::pprFlattenRec Pointer Initialization
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
by Tavis Ormandy
CVSS 7.8
Ophcrack 3.5.0 - Code Execution Local Buffer Overflow
by xis_one
Microsoft Windows - Denial of Service via EPATHOBJ::bFlatten Path Traversal
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
by Tavis Ormandy
WordPress Plugin ProPlayer 4.7.9.1 - SQL Injection
by Ashiyane Digital Security Team
rrdtool 1.4.7 - Denial of Service via Format String Specifiers in rrdtool.graph
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.
by Thomas Pollet
Exponent CMS <2.2.0 - SQL Injection
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
by High-Tech Bridge SA
Drupal Module CKEditor < 4.1WYSIWYG (Drupal 6.x/7.x) - Persistent Cross-Site Scripting
by r0ng
Mutiny < 5.0-1.11 - Authenticated Path Traversal and Arbitrary File Write via EditDocument Servlet
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
by Metasploit
nginx 1.3.9-1.4.0 - Remote Code Execution via Chunked Transfer-Encoding
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
by Mert SARICA
WordPress WP Cleanfix Plugin 2.4.4 - Cross-Site Request Forgery
WordPress WP Cleanfix Plugin 2.4.4 has CSRF
by Enigma Ideas
CVSS 5.4
By Source