Exploitdb Exploits

3,138 exploits tracked across all sources.

CVE-2025-41373 EXPLOITDB HIGH c
Gandia Integra Total 2.1.2217.3-4.4.2236.1 - Authenticated SQL Injection via idestudio Parameter
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.
by Byte Reaper
CVSS 8.8
CVE-2025-54589 EXPLOITDB MEDIUM c
copyparty < 1.18.7 - Reflected Cross-Site Scripting via Recent Uploads Filter Parameter
Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, and the parameter's value is reflected directly into a `<script>` block without proper escaping. This allows reflected Cross-Site Scripting (XSS), which can be exploited against both authenticated and unauthenticated users. This is fixed in version 1.18.7.
by Byte Reaper
CVSS 6.3
CVE-2025-8191 EXPLOITDB LOW c
macrozheng mall < 1.0.3 - Cross-Site Scripting via Swagger UI configUrl Parameter
A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor deleted the GitHub issue for this vulnerability without any explanation. Afterwards the vendor was contacted early about this disclosure via email but did not respond in any way.
by Byte Reaper
CVSS 3.5
CVE-2025-32429 EXPLOITDB CRITICAL c
XWiki Platform - SQL Injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the sort parameter of getdeleteddocuments.vm. The parameter is injected as-is as an ORDER BY value. This is fixed in versions 16.10.6 and 17.3.0-rc-1.
by Byte Reaper
CVSS 9.8
CVE-2025-7795 EXPLOITDB HIGH c
Tenda FH451 1.0.0.9 - Buffer Overflow
A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
by Byte Reaper
CVSS 8.8
CVE-2024-42049 EXPLOITDB CRITICAL c
TightVNC Server for Windows < 2.8.84 - Unauthenticated Exposure of Sensitive Information via Control Pipe
TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a network connection.
by Ionut Zevedei
CVSS 9.1
CVE-2023-29336 EXPLOITDB HIGH c
Windows 10 1507 < 10.0.10240.19926 and 1607 < 10.0.14393.5921 - Use-After-Free in Win32k
Win32k Elevation of Privilege Vulnerability
by Milad karimi
CVSS 7.8
CVE-2024-11237 EXPLOITDB HIGH c
TP-Link VN020 F3v(T) TT_V6.2.1021 - Stack-Based Buffer Overflow in DHCP DISCOVER Packet Parser
A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
by Mohamed Maatallah
CVSS 7.5
CVE-2024-49138 EXPLOITDB HIGH c
Windows Common Log File System Driver - Elevation of Privilege via Heap-based Buffer Overflow
Windows Common Log File System Driver Elevation of Privilege Vulnerability
by Milad karimi
CVSS 7.8
CVE-2024-21338 EXPLOITDB HIGH c
Windows Kernel - Privilege Escalation
Windows Kernel Elevation of Privilege Vulnerability
by Milad karimi
CVSS 7.8
CVE-2024-6387 EXPLOITDB HIGH c
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
by Milad karimi
CVSS 8.1
CVE-2024-12344 EXPLOITDB MEDIUM c
TP-Link VN020 F3v(T) TT_V6.2.1021 - Memory Corruption via FTP USER Command Handler
A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
by Mohamed Maatallah
CVSS 6.3
EIP-2026-119285 EXPLOITDB c
WinRAR version 6.22 - Remote Code Execution via ZIP archive
by E1 Coders
EIP-2026-103155 EXPLOITDB c
LBT-T300-mini1 - Remote Buffer Overflow
by Amirhossein Bahramizadeh
EIP-2026-103821 EXPLOITDB c
vm2 - sandbox escape
by Calil Khalil
EIP-2026-101484 EXPLOITDB c
TPC-110W - Missing Authentication for Critical Function
by Amirhossein Bahramizadeh
CVE-2024-58311 EXPLOITDB CRITICAL c
Dormakaba Saflok System 6000 - Info Disclosure
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation of the card's unique identifier.
by planthopper3301
CVSS 9.8
EIP-2026-102769 EXPLOITDB c
(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]
by Alexys (0x177git)
CVE-2023-28293 EXPLOITDB HIGH c
Windows Kernel - Integer Underflow Elevation of Privilege
Windows Kernel Elevation of Privilege Vulnerability
by Amirhossein Bahramizadeh
CVSS 7.8
CVE-2023-28288 EXPLOITDB HIGH c
Microsoft SharePoint Server - Server-Side Request Forgery
Microsoft SharePoint Server Spoofing Vulnerability
by Amirhossein Bahramizadeh
CVSS 8.1
CVE-2023-25187 EXPLOITDB MEDIUM c
Nokia Airscale ASIKA Firmware - Use of Hard-coded SSH Keys
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don't give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed to operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities.
by Amirhossein Bahramizadeh
CVSS 6.3
EIP-2026-114729 EXPLOITDB c
Solaris 10 libXm - Buffer overflow Local privilege escalation
by Marco Ivaldi
EIP-2026-117683 EXPLOITDB c
NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit
by Neil Kettle
EIP-2026-116434 EXPLOITDB c
Tunnel Interface Driver - Denial of Service
by ExAllocatePool2
CVE-2022-0847 EXPLOITDB HIGH c
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
by Lance Biggerstaff
CVSS 7.8