Exploitdb Exploits
50,083 exploits tracked across all sources.
Mail On Update < 5.1.0 - Cross-Site Request Forgery via mailonupdate_mailto Parameter
Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix.
by Henri Salo
Serva32 2.1.0 - Buffer Overflow via TFTP Read Request
Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request.
by Sapling
WordPress Plugin wp-FileManager - 'path' Arbitrary File Download
by ByEge
jojo-cms < 1.2.2 - SQL Injection via X-Forwarded-For Header
SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/.
by High-Tech Bridge SA
jojo-cms < 1.2.2 - Cross-Site Scripting via Forgot Password Search Parameter
Cross-site scripting (XSS) vulnerability in plugins/jojo_core/forgot_password.php in Jojo before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter to forgot-password/.
by High-Tech Bridge SA
ERDAS ER Viewer <13.00.0001 - Buffer Overflow
Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 13.00.0001 allows remote attackers to execute arbitrary code via a crafted pathname in an ERS file.
by Metasploit
WordPress Plugin wp-FileManager - Arbitrary File Download
by ByEge
WHMCS 4.x - 'invoicefunctions.php?id' SQL Injection
by Ahmed Aboul-Ela
umi.cms < 2.9 - Cross-Site Request Forgery via Admin User Addition
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.
by High-Tech Bridge SA
Open Flash Chart - 'get-data' Cross-Site Scripting
by Deepankar Arora
Invision Power Board 1.x?/2.x/3.x - Admin Takeover
by John JEAN
Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections
by RunRunLevel
SAP SOAP RFC - SXPG_COMMAND_EXECUTE Remote Command Execution (Metasploit)
by Metasploit
SAP SOAP RFC - SXPG_CALL_SYSTEM Remote Command Execution (Metasploit)
by Metasploit
Linux Kernel < 3.8.9 - Privilege Escalation via uid_map and gid_map File Handling
kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.
by Andrew Lutomirski
Linux Kernel < 3.0.75 - Local Privilege Escalation via perf_event_open System Call
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
by sd
CVSS 8.4
GetSimpleCMS <3.2.1 - Authenticated RCE
An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. By uploading a .pht file containing PHP code, an attacker can bypass blacklist-based restrictions and place executable code within the web root. A crafted request using a polyglot or disguised extension allows the attacker to execute the payload by accessing the file directly via the web server. This vulnerability exists due to the use of a blacklist for filtering file types instead of a whitelist.
by Ahmed Elhady Mohamed
CVSS 8.8
Kloxo <6.1.12 - Privilege Escalation
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.
by HTP
Adrenalin Player 2.2.5.3 - '.m3u' Local Buffer Overflow (SEH)
by seaofglass
Microsoft Windows Media Player 11.0.0 - '.wav' Crash (PoC)
by Asesino04
Joomla! Component com_s5clanroster - 'id' SQL Injection
by AtT4CKxT3rR0r1ST
Ajax Availability Calendar 3.x - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
By Source