Exploitdb Exploits
4,759 exploits tracked across all sources.
Gibbon < 26.0.00 - Authenticated PHP Deserialization via columnOrder Parameter
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.
by Ali Maharramli_Fikrat Guliev_Islam Rzayev
CVSS 8.8
ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE
by Ravindu Wickramasinghe
TELSAT marKoni FM Transmitter 1.9.5 - Root Command Injection
by LiquidWorm
LaborOfficeFree 19.10 - MySQL Root Password Calculator
by Peter Gabaldon
9bis/kitty < 0.76.1.13 - Command Injection via Filename Variable
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
by DEFCESCO
CVSS 7.8
KiTTY < 0.76.1.13 - Stack-Based Buffer Overflow via Username Input
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
by DEFCESCO
CVSS 7.8
9bis/kitty < 0.76.1.13 - Stack-Based Buffer Overflow via Hostname
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
by DEFCESCO
CVSS 7.8
JetBrains TeamCity < 2023.05.4 - Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
by ByteHunter
CVSS 9.8
Viessmann Vitogate 300 <2.1.3.0 - Direct Request
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by ByteHunter
CVSS 4.3
SolarView Compact Firmware <= 6.00 - Remote Command Execution via downloader.php
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
by ByteHunter
CVSS 9.8
Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)
by ByteHunter
Honeywell PM43 Firmware < P10.19.050004 - Command Injection via Printer Web Page Modules
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
by ByteHunter
CVSS 9.9
Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console
Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections.
by Andrzej Olchawa_ Milenko Starcik
CVSS 9.8
Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.
by Andrzej Olchawa_ Milenko Starcik
CVSS 9.8
VMware Cloud Director 10.5 - Bypass identity verification
by Abdualhadi khalifa
Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE
by Abdualhadi khalifa
WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover
by Dmitrii Ignatyev
Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read
by Youssef Muhammad
Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR
by Arslan Masood
GL.iNet 4.x - Authentication Bypass via SQL Injection
Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S GL-MT2500 GL-AXT1800 GL-X3000 and GL-SFT1200.
by Daniele Linguaglossa
CVSS 9.8
CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution
by tmrswrr
Easywall 0.3.1 - Authenticated Remote Command Execution via Ports-Save Endpoint
Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server.
by Melvin Mejia
By Source