Exploitdb Exploits
50,095 exploits tracked across all sources.
RuggedCom Rugged Operating System < 3.10.1 - Unauthenticated Backdoor Account Access via MAC Address Calculation
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.
by jc
Microsoft .NET Framework Remote Code Execution via Improper Function Parameter Validation
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
by Akita Software Security
PHP Ticket System Beta 1 - SQL Injection via q Parameter
SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php.
by G13
Joomla! Component com_videogallery - Local File Inclusion / SQL Injection
by KedAns-Dz
RuggedCom ROS <3.3 - Info Disclosure
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803.
by jc
WebCalendar < 1.2.5 - Remote Code Execution via form_single_user_login Parameter
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
by EgiX
CVSS 9.8
Mobipocket Reader 6.2 Build 608 - Buffer Overflow
by shinnai
WebCalendar < 1.2.5 - Local File Inclusion
Local file inclusion in WebCalendar before 1.2.5.
by EgiX
CVSS 8.8
chillcreations mod_ccnewsletter 1.0.7-1.0.9 - SQL Injection via id Parameter
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
by E1nzte1N
Havalite CMS < 1.0.4 - Cross-Site Scripting via Multiple Input Fields
Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php.
by Vulnerability-Lab
Samsung NET-i viewer - Remote Code Execution via ConnectDDNS Method
The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
Samsung NET-i viewer 1.37.120316 - Remote Code Execution via BackupToAvi Method
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
Oracle Java SE <7u4 & <6u32 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.
by Roberto Suggi Liverani
Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 - Info ...
Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container.
by Roberto Suggi Liverani
Samsung NET-i viewer 1.37.120316 - Denial of Service via Negative Size Value in TCP Request
Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. NOTE: some of these details are obtained from third party information.
by Luigi Auriemma
vtiger CRM 5.1.0 - Path Traversal via module_name Parameter
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter.
by Pi3rrot
TFTP Server SP 1.4 - Buffer Overflow
Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.
by Metasploit
xRadio 0.95b - Local Buffer Overflow (Metasploit)
by Metasploit
Waylu CMS - '/products_xx.php' SQL Injection / HTML Injection
by TheCyberNuxbie
Pendulab ChatBlazer 8.5 - 'Username' Cross-Site Scripting
by sonyy
By Source