Exploitdb Exploits
50,095 exploits tracked across all sources.
BMC Identity Management Suite 7.5.00.103 - CSRF
Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
by Travis Lee
F5 BIG-IP Multiple Versions - Unauthenticated SSH Login via Shared Private Key
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
by Florent Daigniere
Tom Sawyer GET Extension Factory <5.5.2.237 - Memory Corruption
Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.
by Metasploit
WordPress Plugin Content Flow 3D 1.0.0 - Arbitrary File Upload
by g11tch
Webspell dailyinput Movie Addon 4.2.x - SQL Injection
by Easy Laster
Symantec Web Gateway 5.0.x - Remote Code Execution via File Management Scripts
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
by Metasploit
Joomla! Component com_alphacontent - 'limitstart' SQL Injection
by xDarkSton3x
ComSndFTP FTP Server <1.3.7 Beta - Code Injection
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.
by demonalex
Winlog Lite < 2.07.18 - Remote Code Execution via Crafted TCP Packet
Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information.
by Metasploit
Samsung NET-i viewer 1.37.120316 - Remote Code Execution via BackupToAvi Method
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information.
by Metasploit
Microsoft MDAC <2.7 - Buffer Overflow
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
by Metasploit
wpStoreCart < 2.5.30 - Unauthenticated Arbitrary File Upload and Remote Code Execution via upload.php
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart.
by Sammy FORGIT
WordPress Plugin TinyMCE Thumbnail Gallery 1.0.7 - Remote File Disclosure
by Sammy FORGIT
WordPress Plugin Thinkun Remind 1.1.3 - Remote File Disclosure
by Sammy FORGIT
WordPress Plugin Simple Download Button ShortCode 1.0 - Remote File Disclosure
by Sammy FORGIT
RBX Gallery 2.1 - Unauthenticated Arbitrary File Upload via uploader.php
Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.
by Sammy FORGIT
WordPress Plugin PICA Photo Gallery 1.0 - Remote File Disclosure
by Sammy FORGIT
Plugin Newsletter plugin 1.5 - Path Traversal via Data Parameter
Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter.
by Sammy FORGIT
WordPress Plugin Front File Manager 0.1 - Arbitrary File Upload
by Adrien Thierry
WordPress Plugin Easy Contact Forms Export 1.1.0 - Information Disclosure
by Sammy FORGIT
By Source