Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-2679 EXPLOITDB MEDIUM text VERIFIED
Linksys E4200 Firmware 1.0.05 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
by Carl Benedict
CVSS 6.1
CVE-2013-10050 EXPLOITDB HIGH text VERIFIED
D-Link DIR-300/615 - Command Injection
An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.
by m-1-k-3
CVSS 8.8
CVE-2013-3242 EXPLOITDB text VERIFIED
Joomla! <2.5.10-3.0.4 - Code Injection
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.
by EgiX
EIP-2026-119106 EXPLOITDB ruby VERIFIED
SAP ConfigServlet - Remote Payload Execution (Metasploit)
by Andras Kabai
CVE-2002-1549 EXPLOITDB python VERIFIED
Light HTTPd 0.1 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
by Jacob Holcomb
CVE-2013-3241 EXPLOITDB text VERIFIED
phpMyAdmin <4.0.0-rc3 - Code Injection
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.
by waraxe
CVE-2013-2594 EXPLOITDB text
Hornbill Supportworks ITSM <3.4.14 - SQL Injection
SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter.
by Joseph Sheridan
CVE-2013-3502 EXPLOITDB ruby VERIFIED
GroundWork Monitor Enterprise 6.7.0 - Authenticated Remote Code Execution via monarch_scan.cgi
monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie.
by Metasploit
CVE-2013-3083 EXPLOITDB html VERIFIED
Belkin F5D8236-4 v2 - Cross-Site Request Forgery via remote_mgmt_enabled and remote_mgmt_port Parameters
Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters.
by Jacob Holcomb
CVE-2013-2009 EXPLOITDB HIGH text VERIFIED
WordPress WP Super Cache Plugin <1.2 - RCE
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
by anonymous
CVSS 8.8
CVE-2013-2645 EXPLOITDB html VERIFIED
TP-LINK WR1043N Firmware TL-WR1043ND_V1_120405 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm.
by Jacob Holcomb
EIP-2026-112251 EXPLOITDB php VERIFIED
SMF - '/index.php' HTML Injection / Multiple PHP Code Injection Vulnerabilities
by Jakub Galczyk
CVE-2013-2423 EXPLOITDB LOW ruby VERIFIED
Oracle JRE - Improper Access Control
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.
by Metasploit
CVSS 3.7
EIP-2026-101630 EXPLOITDB text
D-Link DIR-615 Rev D3 / DIR-300 Rev A - Multiple Vulnerabilities
by m-1-k-3
EIP-2026-101003 EXPLOITDB text VERIFIED
Cisco Linksys WRT310N Router - Multiple Denial of Service Vulnerabilities
by Carl Benedict
CVE-2013-10060 EXPLOITDB HIGH ruby VERIFIED
Netgear router <1.0.0.36 - Command Injection
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.
by Metasploit
CVSS 7.2
CVE-2009-4140 EXPLOITDB text VERIFIED
Open Flash Chart v2 Beta 1-v2 Lug Wyrm Charmer - RCE
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
by iskorpitx
EIP-2026-115837 EXPLOITDB ruby VERIFIED
Mikrotik Syslog Server for Windows 1.15 - Denial of Service (Metasploit)
by xis_one
EIP-2026-115261 EXPLOITDB c VERIFIED
Flightgear 2.0/2.4 - Remote Format String
by Kurono
EIP-2026-113137 EXPLOITDB text VERIFIED
VoipNow 2.5 - Local File Inclusion
by i-Hmx
CVE-2011-4275 EXPLOITDB text VERIFIED
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by iskorpitx
EIP-2026-114314 EXPLOITDB text VERIFIED
WordPress Theme Colormix - Multiple Vulnerabilities
by MustLive
EIP-2026-106231 EXPLOITDB text VERIFIED
Crafty Syntax Live Help 3.1.2 - Remote File Inclusion / Full Path Disclosure
by ITTIHACK
EIP-2026-104358 EXPLOITDB text VERIFIED
Nginx 0.6.x - Arbitrary Code Execution NullByte Injection
by Neal Poole
CVE-2013-3095 EXPLOITDB html VERIFIED
D-Link DIR865L Firmware < 1.05b07 - Cross-Site Request Forgery via hedwig.cgi or pigwidgeon.cgi
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password or (2) enable remote management via a request to hedwig.cgi or (3) activate configuration changes via a request to pigwidgeon.cgi.
by Jacob Holcomb