Exploitdb Exploits
50,095 exploits tracked across all sources.
Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery
by Sense of Security
Cisco TelePresence System MXP Series < F9.1 - Authenticated Cross-Site Scripting via Call ID
Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.
by Sense of Security
Cisco Telepresence C Series < TC4.2.0 - Authenticated Buffer Overflow via cuil getxml Location Parameter
Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496.
by Sense of Security
KnFTP 1.0.0 - Remote Code Execution via Multiple Stack-Based Buffer Overflows
Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, (20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands.
by mr.pr0n
WordPress Plugin Zingiri Web Shop 2.2.0 - Remote File Inclusion
by Ben Schmidt
WordPress Plugin WPEasyStats 1.8 - Remote File Inclusion
by Ben Schmidt
WordPress Plugin TheCartPress 1.1.1 - Remote File Inclusion
by Ben Schmidt
Relocate Upload < 0.20 - Remote Code Execution via abspath Parameter
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
by Ben Schmidt
WordPress Plugin Mini Mail Dashboard Widget 1.36 - Remote File Inclusion
by Ben Schmidt
WordPress Plugin Mailing List 1.3.2 - Remote File Inclusion
by Ben Schmidt
WordPress Plugin Filedownload 0.1 - 'download.php' Remote File Disclosure
by Septemb0x
WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion
by Ben Schmidt
WordPress Plugin Annonces 1.2.0.0 - Remote File Inclusion
by Ben Schmidt
Allwebmenus WordPress Plugin 1.1.3 - Remote Code Execution via abspath Parameter
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
by Ben Schmidt
Toko Lite CMS 1.5.2 - HTTP Response Splitting / Cross-Site Scripting
by Gjoko Krstic
Toko Lite CMS 1.5.2 - 'edit.php' HTTP Response Splitting
by LiquidWorm
net4visions (Multiple Products) - 'dir' Multiple Cross-Site Scripting Vulnerabilities
by Gjoko Krstic
TimThumb < 2.0 - Remote Code Execution via Domain Whitelist Bypass
TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.
by Ben Schmidt
Apple Mac OSX (Lion) - Directory Services Security Bypass
by Defence in Depth
Cisco TelePresence C Series, E/EX, MXP < TC 4.0.0/F9.1 - DoS via SIP Packet
Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500.
by Sense of Security
Aspgwy Access 1.0 - 'matchword' Cross-Site Scripting
by kurdish hackers team
Azeotech DAQFactory <5.85.1853 - Buffer Overflow
Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034.
by Metasploit
By Source