Exploitdb Exploits
50,091 exploits tracked across all sources.
WP-Property < 1.35.0 - Unauthenticated Arbitrary File Upload via uploadify.php
WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.
by Metasploit
WordPress Plugin Asset-Manager < 2.0 - Unauthenticated Arbitrary File Upload via upload.php
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.
by Metasploit
Microsoft SQL Server - Database Link Crawling Command Execution (Metasploit)
by Metasploit
IBM Lotus Notes 8.x - Remote Code Execution via Crafted notes:// URL
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.
by Metasploit
MyBB AwayList Plugin - 'index.php?id' SQL Injection
by Red_Hat
Hero Framework - users/login 'Username' Cross-Site Scripting
by Stefan Schurtz
Hero Framework - 'search?q' Cross-Site Scripting
by Stefan Schurtz
City Directory Review and Rating Script - 'search.php' SQL Injection
by 3spi0n
Netwin SurgeFTP <23c8 - Command Injection
Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.
by Metasploit
TWiki MAKETEXT Remote Command Execution
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
by Metasploit
Foswiki MAKETEXT Remote Command Execution
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
by Metasploit
Banana Dance <B.2.6 - Info Disclosure
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.
by High-Tech Bridge SA
Banana Dance <B.2.6 - Path Traversal
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.
by High-Tech Bridge SA
Sony PC Companion 2.1 - 'Load()' Unicode Stack Buffer Overflow
by LiquidWorm
Sony PC Companion 2.1 - 'DownloadURLToFile()' Unicode Stack Buffer Overflow
by LiquidWorm
Sony PC Companion 2.1 - 'CheckCompatibility()' Unicode Stack Buffer Overflow
by LiquidWorm
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Unicode Stack Buffer Overflow
by LiquidWorm
Firefly Media Server 1.0.0.1359 - Denial of Service via Crafted HTTP Headers
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version.
by High-Tech Bridge SA
VoipNow Service Provider Edition - Arbitrary Command Execution
by i-Hmx
Elite Bulletin Board < 2.1.22 - SQL Injection via PATH_INFO
Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.
by High-Tech Bridge SA
By Source