Exploitdb Exploits
4,726 exploits tracked across all sources.
GLPI <9.4.6 - Command Injection
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6.
by Brian Peters
CVSS 7.4
BoidCMS Command Injection
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
by 1337kid
CVSS 8.8
Splunk Enterprise <9.0.5 - Privilege Escalation
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
by Redway Security
CVSS 8.8
MinIO - Info Disclosure
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies.
by Jenson Zhao
CVSS 7.4
GOM Player 2.3.90.5360 - RCE
GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.
by M. Akil Gündoğan
CVSS 8.8
GOM Player <2.3.90.5360 - Buffer Overflow
GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability.
by Ahmet Ümit BAYRAM
CVSS 9.8
SyncBreeze 15.2.24 - DoS
SyncBreeze 15.2.24 contains a denial of service vulnerability in the login authentication mechanism that allows attackers to crash the service. Attackers can send an oversized password parameter with repeated 'password=' values to overwhelm the login endpoint and potentially disrupt service availability.
by mohamed youssef
Wp2Fac 1.0 - Command Injection
Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code.
by Ahmet Ümit BAYRAM
Jaycar La5570 Firmware - Symlink Following
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf.
by The Security Team [exploitsecurity.io]
CVSS 7.5
Ivanti Avalanche < 6.4.1 - Out-of-Bounds Write
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.
Thanks to a Researcher at Tenable for finding and reporting.
Fixed in version 6.4.1.
by Robel Campbell
CVSS 9.8
Veronalabs WP Statistics < 13.1.5 - SQL Injection
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.
by psychoSherlock
CVSS 9.8
FileMage Gateway <1.10.8 - Path Traversal
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.
by Bryce Raindayzz Harty
CVSS 7.5
Tp-link Archer Ax21 Firmware < 1.1.4 - Command Injection
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
by Voyag3r
CVSS 8.8
Xlight FTP Server 3.9.3.6 - Buffer Overflow
Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition.
by Yehia Elghaly
CVSS 7.5
ReyeeOS 1.204.1614 - Man-In-The-Middle
ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exploiting the unprotected HTTP polling requests.
by Riyan Firmansyah of Seclab
CVSS 8.1
Ninjaforms Ninja Forms < 3.6.26 - XSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.
by Mehran Seifalinia
CVSS 7.1
General Device Manager 2.5.2.2 - Buffer Overflow
General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow.
by Ahmet Ümit BAYRAM
CVSS 9.8
Uvdesk 1.1.3 - RCE
An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file.
by Daniel Barros
CVSS 7.8
Zomplog 3.9 - RCE
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application.
by Mirabbas Ağalarov
CVSS 8.8
AN_GradeBook <5.0.1 - SQL Injection
The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber
by Lukas Kinneberg
CVSS 8.8
PimpMyLog 1.7.14 - XSS
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account, and potentially access sensitive server-side log information and environmental variables.
by thoughtfault
CVSS 9.8
phpfm 1.7.9 - Auth Bypass
phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server.
by thoughtfault
CVSS 9.8
Joomla! com_booking component 2.4.9 - Information Leak (Account enumeration)
by qw3rTyTy
ABB Flow-x/m Firmware < 3.2.6 - Information Disclosure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.
by Paul Smith
CVSS 5.3
By Source