Exploitdb Exploits
50,083 exploits tracked across all sources.
D-Link DIR-600 DIR-300 - Command Injection
The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.
by m-1-k-3
CVSS 9.8
Glossword 1.8.8-1.8.12 - Authenticated Arbitrary File Upload and Remote Code Execution via Administrative Interface
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
by AkaStep
D-Link DIR-300 rev B & DIR-600 <2.13/2.14b01 - Command Injection
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.
by m-1-k-3
CVSS 9.8
Opera < 12.13 - Remote Code Execution via SVG clipPaths
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
by Cons0ul
portable SDK for UPnP Devices 1.3.1 - Stack-based Buffer Overflow in SSDP DeviceType Field
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.
by Metasploit
Oracle Automated Service Manager 1.3 - Installation Privilege Escalation
by Larry W. Cashdollar
Linux Kernel <= 3.7.9 - Sensitive Keystroke Timing Exposure via inotify on /dev/ptmx
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
by vladz
Cisco Unity Express Software < 8.0 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
by Jacob Holcomb
Pure-FTPd < 1.0.32 - Authenticated Denial of Service via Glob Expression Expansion
The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.
by Maksymilian Arciemowicz
Simple Machine Forum 2.0.x < 2.0.4 - File Disclosure / Directory Traversal
by NightlyDev
EasyITSP - 'voicemail.php' Directory Traversal
by Michal Blaszczak
3S CODESYS Gateway-Server <2.3.9.27 - Path Traversal
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.
by Metasploit
WordPress Theme flashnews - Multiple Input Validation Vulnerabilities
by MustLive
DataLife Engine 9.7 - Remote Code Execution via catlist[] Parameter
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
by Metasploit
DataLife Engine <9.7 - Info Disclosure
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
by Metasploit
Netgear SPH200D Skype phone firmware <=1.0.4.80 - Path Traversal
A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data.
by m-1-k-3
Firebird <2.1.5-2.5.3 - Buffer Overflow
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
by Metasploit
Audio Player < 2.0.4.6 - Cross-Site Scripting via playerID Parameter
Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.
by hiphop
Novell GroupWise <8.0.3-2012 - RCE/DoS
The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.
by High-Tech Bridge
Buffalo TeraStation TS-Series - Multiple Vulnerabilities
by Andrea Fabrizi
By Source