Exploitdb Exploits
50,083 exploits tracked across all sources.
Edimax EW-7206-APg and EW-7209APg - Multiple Vulnerabilities
by m-1-k-3
Polycom HDX Series - Command Injection
An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting shell metacharacters through the traceroute interface, an attacker can achieve remote code execution under the context of the root user. This flaw affects systems where Telnet access is enabled and either unauthenticated access is allowed or credentials are known.
by Paul Haas
Foxit Reader Plugin 2.2.1.530 - Buffer Overflow
Foxit Reader versions through 5.4.5.0114, including the bundled Foxit Reader Plugin 2.2.1.530, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can overflow a buffer, allowing remote attackers to execute arbitrary code.
by Metasploit
Raidsonic IB-NAS5220 and IB-NAS4220 - Unauthenticated OS Command Injection via timeHandler.cgi timeZone Parameter
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone parameter of a POST request, allowing remote attackers to inject arbitrary shell commands.
by m-1-k-3
SonicWALL OEM Scrutinizer 9.5.2 - Multiple Vulnerabilities
by Vulnerability-Lab
Microsoft Internet Explorer 8 - Remote Code Execution via SLayoutRun Use-After-Free
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
by Scott Bell
NextGEN Gallery Plugin for WordPress 1.9.10-1.9.11 - Path Disclosure
NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability
by Henrique Montenegro
CVSS 7.5
Ultra Light Forum - Persistent Cross-Site Scripting
by cr4wl3r
Dell SonicWALL Scrutinizer - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
Transferable Remote 1.1 iPad iPhone - Multiple Vulnerabilities
by Vulnerability-Lab
OpenPLI 3.0 Beta (OpenPLi-beta-dm7000-20130127-272) - Multiple Vulnerabilities
by m-1-k-3
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by LiquidWorm
VMware OVF Tool 2.1 - Remote Code Execution via Crafted OVF File
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
by Metasploit
Novell GroupWise <8.0.3-2012.SP1 - RCE
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method.
by Metasploit
Sonar - Multiple Cross-Site Scripting Vulnerabilities
by DevilTeam
Linksys router <1.0.00-1.0.05 - Path Traversal
A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST parameter to access arbitrary files outside the intended web root by injecting traversal sequences. This allows exposure of sensitive system files and configuration data.
by m-1-k-3
D-Link DIR-615H1 <8.04 - Command Injection
An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the tools_vct.htm diagnostic interface, allowing attackers to inject arbitrary shell commands using backtick encapsulation. With default credentials, an attacker can exploit this blind injection vector to execute arbitrary commands.
by m-1-k-3
CVSS 7.2
Linksys router <v2.0.03 - Command Injection
An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the ping_size parameter during diagnostic operations. An attacker with valid credentials can inject arbitrary shell commands, enabling remote code execution.
by m-1-k-3
Freefloat FTP Server 1.0 - 'Raw' Remote Buffer Overflow
by superkojiman
Windows Vista/7/8, Server 2008/2012, RT - Privilege Escalation via Win32k Window Broadcast
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
by 0vercl0k
IRIS Citations Management Tool - (Authenticated) Remote Command Execution
by aeon
IP.Gallery 4.2.x/5.0.x - Persistent Cross-Site Scripting
by Mohamed Ramadan
By Source