Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-10069 EXPLOITDB CRITICAL text
D-Link DIR-600 DIR-300 - Command Injection
The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.
by m-1-k-3
CVSS 9.8
CVE-2013-10067 EXPLOITDB CRITICAL text VERIFIED
Glossword 1.8.8-1.8.12 - Authenticated Arbitrary File Upload and Remote Code Execution via Administrative Interface
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
by AkaStep
CVE-2013-10048 EXPLOITDB CRITICAL text
D-Link DIR-300 rev B & DIR-600 <2.13/2.14b01 - Command Injection
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.
by m-1-k-3
CVSS 9.8
CVE-2013-1638 EXPLOITDB VERIFIED
Opera < 12.13 - Remote Code Execution via SVG clipPaths
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
by Cons0ul
CVE-2012-5965 EXPLOITDB ruby VERIFIED
portable SDK for UPnP Devices 1.3.1 - Stack-based Buffer Overflow in SSDP DeviceType Field
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.
by Metasploit
EIP-2026-107432 EXPLOITDB text VERIFIED
Glossword 1.8.3 - SQL Injection
by AkaStep
EIP-2026-107217 EXPLOITDB text
Free Monthly Websites 2.0 - Multiple Vulnerabilities
by X-Cisadane
EIP-2026-105232 EXPLOITDB text
ArrowChat 1.5.61 - Multiple Vulnerabilities
by kallimero
EIP-2026-104942 EXPLOITDB text
AdaptCMS 2.0.4 - 'config.php?question' SQL Injection
by kallimero
EIP-2026-102940 EXPLOITDB text
Oracle Automated Service Manager 1.3 - Installation Privilege Escalation
by Larry W. Cashdollar
CVE-2013-0160 EXPLOITDB bash
Linux Kernel <= 3.7.9 - Sensitive Keystroke Timing Exposure via inotify on /dev/ptmx
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
by vladz
CVE-2013-1120 EXPLOITDB text VERIFIED
Cisco Unity Express Software < 8.0 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
by Jacob Holcomb
CVE-2011-0418 EXPLOITDB text
Pure-FTPd < 1.0.32 - Authenticated Denial of Service via Glob Expression Expansion
The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.
by Maksymilian Arciemowicz
EIP-2026-112104 EXPLOITDB text VERIFIED
Simple Machine Forum 2.0.x < 2.0.4 - File Disclosure / Directory Traversal
by NightlyDev
EIP-2026-106718 EXPLOITDB text VERIFIED
EasyITSP - 'voicemail.php' Directory Traversal
by Michal Blaszczak
CVE-2012-4705 EXPLOITDB ruby VERIFIED
3S CODESYS Gateway-Server <2.3.9.27 - Path Traversal
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.
by Metasploit
EIP-2026-114328 EXPLOITDB text VERIFIED
WordPress Theme flashnews - Multiple Input Validation Vulnerabilities
by MustLive
CVE-2013-1412 EXPLOITDB ruby VERIFIED
DataLife Engine 9.7 - Remote Code Execution via catlist[] Parameter
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
by Metasploit
CVE-2013-7387 EXPLOITDB ruby VERIFIED
DataLife Engine <9.7 - Info Disclosure
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
by Metasploit
CVE-2013-10063 EXPLOITDB MEDIUM text
Netgear SPH200D Skype phone firmware <=1.0.4.80 - Path Traversal
A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data.
by m-1-k-3
CVE-2013-2492 EXPLOITDB ruby VERIFIED
Firebird <2.1.5-2.5.3 - Buffer Overflow
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
by Metasploit
CVE-2013-1464 EXPLOITDB text VERIFIED
Audio Player < 2.0.4.6 - Cross-Site Scripting via playerID Parameter
Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.
by hiphop
CVE-2013-0804 EXPLOITDB html VERIFIED
Novell GroupWise <8.0.3-2012 - RCE/DoS
The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.
by High-Tech Bridge
EIP-2026-101620 EXPLOITDB text
D-Link DCS Cameras - Multiple Vulnerabilities
by Roberto Paleari
EIP-2026-101578 EXPLOITDB text
Buffalo TeraStation TS-Series - Multiple Vulnerabilities
by Andrea Fabrizi