Exploitdb Exploits
50,083 exploits tracked across all sources.
No-IP Dynamic Update Client (DUC) 2.1.9 - Local IP Address Stack Overflow
by Alberto Ortega
Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Wireless Disk PRO 2.3 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
File Lite 3.3/3.5 PRO iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Wifi Photo Transfer 2.1/1.1 PRO - Multiple Vulnerabilities
by Vulnerability-Lab
Lan Messenger - sending PM 'UNICODE' Overwrite Buffer Overflow (SEH)
by ariarat
WordPress Plugin Securimage-WP - 'siwp_test.php' Cross-Site Scripting
by Gjoko Krstic
Securimage - 'example_form.php' Cross-Site Scripting
by Gjoko Krstic
MoinMoin < 1.9.6 - Authenticated Remote Code Execution via File Upload
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
by HTP
MoinMoin < 1.9.6 - Authenticated Path Traversal and Arbitrary File Write via Twikidraw and Anywikidraw Actions
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
by HTP
Adobe ColdFusion <10 - Info Disclosure
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.
by HTP
Huawei AR 150, 200, 1200, 2200, and 3200 - Stack-based Buffer Overflow via SNMPv3 Requests
Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.
by Roberto Paleari
Cisco Linksys E4200 1.0.05 - Code Injection
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.
by sqlhacker
CVSS 8.1
Microsoft Internet Explorer 8 - Remote Code Execution via Use-After-Free
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
by Metasploit
CVSS 8.8
AudioCoder - '.m3u' Local Buffer Overflow (Metasploit)
by Metasploit
NetApp OnCommand System Manager <2.2 - XSS
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
by M. Heinzl
CVSS 6.1
NetApp OnCommand System Manager <2.2 - XSS
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
by M. Heinzl
CVSS 6.1
MyBB Game Section Plugin - 'games.php' Multiple Cross-Site Scripting Vulnerabilities
by anonymous
b2evolution < 4.1.7 - Authenticated SQL Injection via show_statuses[] Parameter
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
Dovecot with Exim - 'sender_address' Remote Command Execution
by RedTeam Pentesting GmbH
Cisco Linksys E4200 1.0.05 Build 7 - Cross-Site Scripting
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by sqlhacker
CVSS 6.1
Huawei AR 150, 200, 1200, 2200, and 3200 - Denial of Service via Malformed SNMPv3 Requests
Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues.
by Roberto Paleari
By Source