Exploitdb Exploits
50,083 exploits tracked across all sources.
Social Site Generator 2.2 - Cross-Site Request Forgery (Add Admin)
by Fallaga
OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting
by drone
Joomla! Component dj-classifieds 2.0 - Blind SQL Injection
by Napsterakos
ABBS Audio Media Player 3.1 - '.lst' Local Buffer Overflow
by Julien Ahrens
Dlink Dcs-3411 Firmware - OS Command Injection
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.
by Core Security
CVSS 9.8
Vivotek PT7135 Firmware 0300a/0400a - Cleartext Credential Storage Exposes Sensitive Information
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.
by Core Security
CVSS 7.5
Power Software WinArchiver 3.2 - Remote Code Execution via Crafted ZIP File
Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file.
by RealPentesting
FuzeZip 1.0.0.131625 - Local Buffer Overflow
FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability
by RealPentesting
CVSS 7.8
Kingsoft WPS Office <8.1.0.3238 - Buffer Overflow
Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.
by Zhangjiantao
Syslog Watcher Pro 2.8.0.812 - 'Date' Cross-Site Scripting
by demonalex
W3 Total Cache < 0.9.2.8 - Remote PHP Code Execution
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
by Metasploit
CVSS 9.8
phpMyAdmin <3.5.8 and <4.0.0-rc3 - Authenticated RCE
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
by Metasploit
sudo 1.8.0-1.8.3p1 - Local Use-After-Free via Format String in sudo_debug
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
by aeon
Vivotek PT7135 Firmware 0300a and 0400a - OS Command Injection via system.ntp Parameter
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.
by Core Security
CVSS 8.8
D-Link DCS and WCS Firmware - Unauthenticated Remote Access via Hard-coded Credentials
An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream.
by Core Security
CVSS 5.3
Elecard MPEG Player - '.m3u' File Buffer Overflow
by metacom
By Source