Exploitdb Exploits
4,759 exploits tracked across all sources.
XhP CMS 0.5.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
by Ahsan Tahir
Pluck CMS 4.7.3 - Cross-Site Request Forgery (Add Page)
by Ahsan Tahir
The Unarchiver 3.11.1 - '.tar.Z' Crash (PoC)
by Antonio Z.
Mozilla Firefox 49.0.1 - Denial of Service
by sultan albalawi
VOX Music Player 2.8.8 - '.pls' Denial of Service
by Antonio Z.
Subversion < 1.6.23 - Authenticated Remote Code Execution via Shell Metacharacters in Filename
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
by GlacierZ0ne
AVTECH - Improper Certificate Validation
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks.
by Gergely Eberhardt
AVTECH IP camera, DVR, and NVR Devices - Unauthenticated Authentication Bypass via /nobody URL Path
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
by Gergely Eberhardt
AVTECH IP camera - Command Injection
An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges.
by Gergely Eberhardt
AVTECH DVR-NVR-IP Camera - Command Injection
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.
by Gergely Eberhardt
AVTECH IP camera, DVR, and NVR Devices - Unauthenticated OS Command Injection via Search.cgi Parameters
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.
by Gergely Eberhardt
AVTECH IP camera, DVR, and NVR devices - Authentication Bypass via .cab URL Spoofing
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
by Gergely Eberhardt
AVTECH DVR - Server-Side Request Forgery
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.
by Gergely Eberhardt
AVTECH IP cameras, DVR, and NVR devices - Cross-Site Request Forgery
A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.
by Gergely Eberhardt
AVTECH IP Camera, NVR, and DVR Devices - Authenticated OS Command Injection via CloudSetup.cgi exefile Parameter
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke this endpoint can supply crafted input to execute arbitrary system commands as root. Successful exploitation grants full control of the device, and - depending on deployment and whether the device stores credentials or has network reachability to internal systems - may enable credential theft, lateral movement, or data exfiltration. The archived SEARCH-LAB disclosure implies that this vulnerability was remediated in early 2017, but AVTECH has not defined an affected version range.
by Gergely Eberhardt
Persistent Systems Radia Client Automation <9.1 - RCE
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
by SlidingWindow
VX Search Enterprise 9.0.26 - 'Login' Remote Buffer Overflow
by Tulpa
Sync Breeze Enterprise 8.9.24 - 'Login' Remote Buffer Overflow
by Tulpa
Dup Scout Enterprise 9.0.28 - 'Login' Remote Buffer Overflow
by Tulpa
Disk Sorter Enterprise 9.0.24 - 'Login' Remote Buffer Overflow
by Tulpa
Disk Savvy Enterprise 9.0.32 - 'Login' Remote Buffer Overflow
by Tulpa
Oracle Linux < 9.9.9 - Improper Input Validation
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
by Infobyte
CVSS 7.5
By Source