Exploitdb Exploits

4,726 exploits tracked across all sources.

CVE-2023-53948 EXPLOITDB CRITICAL python
Lilac-Reloaded for Nagios 2.0.8 - RCE
Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a reverse shell by sending a crafted POST request to the autodiscovery endpoint.
by max / Zoltan Padanyi
CVSS 9.8
CVE-2023-31714 EXPLOITDB CRITICAL python
Chitor-CMS <1.1.2 - SQL Injection
Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.
by msd0pe
CVSS 9.8
EIP-2026-101997 EXPLOITDB python
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
by LiquidWorm
CVE-2023-53945 EXPLOITDB HIGH python
BrainyCP 1.0 - Authenticated RCE
BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP and port.
by Ahmet Ümit BAYRAM
CVSS 8.8
CVE-2023-1826 EXPLOITDB MEDIUM python
SourceCodester Online Computer and Laptop Store 1.0 - Unrestricted ...
A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.
by Matisse Beckandt
CVSS 6.3
CVE-2023-23752 EXPLOITDB MEDIUM python VERIFIED
Joomla! < 4.2.8 - Improper Access Control
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
by Alexandre ZANNI
CVSS 5.3
CVE-2022-24716 EXPLOITDB HIGH python
Icinga Web 2 <2.9.5 - Info Disclosure
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
by Jacob Ebben
CVSS 7.5
CVE-2023-28343 EXPLOITDB CRITICAL python
Apsystems Energy Communication Unit Firmware - OS Command Injection
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.
by Ahmed Alroky
CVSS 9.8
CVE-2023-27100 EXPLOITDB CRITICAL python
Netgate pfSense Plus <v22.05.1 - Auth Bypass
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.
by FabDotNET
CVSS 9.8
CVE-2022-41333 EXPLOITDB HIGH python
FortiRecorder <6.4.3 - DoS
An uncontrolled resource consumption vulnerability [CWE-400] in the login authentication mechanism of FortiRecorder version 6.4.3 and below, 6.0.11 and below may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.
by Mohammed Adel
CVSS 7.5
CVE-2023-24788 EXPLOITDB HIGH python
NotrinosERP v0.7 - SQL Injection
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.
by Arvandy
CVSS 8.8
CVE-2023-24787 EXPLOITDB python
Rejected
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-24685. Reason: This record is a duplicate of CVE-2023-24685. Notes: All CVE users should reference CVE-2023-24685 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
by Arvandy
CVE-2022-47986 EXPLOITDB CRITICAL python
IBM Aspera Faspex < 4.4.1 - Insecure Deserialization
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
by Maurice Lambert
CVSS 9.8
CVE-2023-27290 EXPLOITDB CRITICAL python
IBM Instana - Info Disclosure
Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737.
by Shahid Parvez (zippon)
CVSS 9.1
CVE-2020-35391 EXPLOITDB CRITICAL python
Tenda N300 F3 12.01.01.48 - Info Disclosure
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
by @h454nsec
CVSS 9.6
CVE-2023-52252 EXPLOITDB CRITICAL python
Unifiedremote Unified Remote - XXE
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.
by H4rk3nz0
CVSS 9.8
CVE-2022-25765 EXPLOITDB HIGH python VERIFIED
Pdfkit < 0.8.7.2 - Command Injection
The package pdfkit from 0.0.0 is vulnerable to Command Injection where the URL is not properly sanitized.
by UNICORD
CVSS 7.3
CVE-2021-21276 EXPLOITDB CRITICAL python
Polr <2.3.0 - Privilege Escalation
Polr is an open source URL shortener. In Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts. This is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php.
by p4kl0nc4t
CVSS 9.3
CVE-2022-28368 EXPLOITDB CRITICAL python
Dompdf 1.2.1 - RCE
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
by Ravindu Wickramasinghe
CVSS 9.8
CVE-2023-23156 EXPLOITDB CRITICAL python VERIFIED
Phpgurukul Art Gallery Management System - SQL Injection
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page.
by Yogesh Verma
CVSS 9.8
CVE-2023-24217 EXPLOITDB HIGH python
AgileBio Electronic Lab Notebook <4.234 - Local File Inclusion
AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.
by Anthony Cole
CVSS 8.8
CVE-2023-27826 EXPLOITDB HIGH python
Seowonintech Swc-5100w Firmware - OS Command Injection
SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection, which allows attackers to take over the system with root privilege by abusing the doSystem() function.
by Momen Eldawakhly
CVSS 8.8
EIP-2026-101403 EXPLOITDB python
Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit
by LiquidWorm
EIP-2026-101399 EXPLOITDB python
Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification
by LiquidWorm
CVE-2023-0830 EXPLOITDB MEDIUM python
Easynas - Command Injection
A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
by Ivan Spiridonov
CVSS 6.3