Exploitdb Exploits
459 exploits tracked across all sources.
Online Marriage Registration System 1.0 - Remote Code Execution (1)
by Enesdex
Aerohive HiveOS - DoS
Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption.
by LiquidWorm
CVSS 7.5
VMware Fusion <11.5.2 - Privilege Escalation
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
by Rich Mirch
CVSS 7.8
Horde Groupware Webmail Edition <5.2.22 - Code Injection
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
by Andrea Cardaci
CVSS 9.8
Sudo <1.8.26 - Buffer Overflow
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
by Dylan Katz
CVSS 7.8
HP Performance Monitoring xglance Priv Esc
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors.
by redtimmysec
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by Project Zero India
CVSS 9.8
FreeBSD-SA-19:15.mqueuefs - Privilege Escalation
by Karsten König
FreeBSD - Privilege Escalation
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.
by Karsten König
CVSS 8.8
Centova Cast 3.2.12 - DoS
Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters.
by DroidU
CVSS 7.5
Centova Cast 3.2.11 - Path Traversal
Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests.
by DroidU
CVSS 8.8
FlexAir Access Control 2.4.9api3 - Remote Code Execution
by LiquidWorm
Linear eMerge 50P/5000P - Command Injection
Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.
by LiquidWorm
CVSS 9.8
Smartwares Home Easy Firmware < 1.0.9 - Missing Authentication
Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control.
by LiquidWorm
CVSS 7.5
iSeeQ Hybrid DVR WH-H4 1.03R - Info Disclosure
iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the get_jpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/get_jpeg endpoint without authentication.
by LiquidWorm
CVSS 9.8
Rifatron 5brid DVR - Unauthenticated Access
Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication.
by LiquidWorm
CVSS 9.8
Jobberbase 2.0 - SQL Injection
In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection.
by Damian Ebelties
CVSS 9.8
Webmin < 1.920 - OS Command Injection
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
by Fernando A. Lagos B
CVSS 9.8
FreeBSD - Privilege Escalation
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.
by gr4yf0x
CVSS 8.8
Exim 4.87 - 4.91 Local Privilege Escalation
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
by Marco Ivaldi
CVSS 9.8
By Source