Exploitdb Exploits
4,759 exploits tracked across all sources.
PaperCut MF and NG 8.0-20.1.7 - Unauthenticated Remote Code Execution via SetupCompleted
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
by MaanVader
CVSS 9.8
Lilac-Reloaded for Nagios 2.0.8 - RCE
Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a reverse shell by sending a crafted POST request to the autodiscovery endpoint.
by max / Zoltan Padanyi
CVSS 9.8
Chitor-CMS < 1.1.2 - SQL Injection
Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.
by msd0pe
CVSS 9.8
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
by LiquidWorm
BrainyCP 1.0 - Authenticated Remote Code Execution via Crontab Configuration Injection
BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP and port.
by Ahmet Ümit BAYRAM
CVSS 8.8
SourceCodester Online Computer and Laptop Store 1.0 - Unrestricted ...
A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.
by Matisse Beckandt
CVSS 6.3
Joomla! 4.0.0-4.2.7 - Unauthenticated Improper Access Control in Webservice Endpoints
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
by Alexandre ZANNI
CVSS 5.3
Icinga Web 2 <2.9.5 - Info Disclosure
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
by Jacob Ebben
CVSS 7.5
APSystems Energy Communication Unit Firmware C1.2.5 - OS Command Injection via Timezone Parameter
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.
by Ahmed Alroky
CVSS 9.8
Netgate pfSense Plus <v22.05.1 - Auth Bypass
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.
by FabDotNET
CVSS 9.8
FortiRecorder < 6.0.11 - Unauthenticated Denial of Service via Crafted GET Requests
An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.
by Mohammed Adel
CVSS 7.5
NotrinosERP 0.7 - SQL Injection via OrderNumber Parameter
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.
by Arvandy
CVSS 8.8
IBM Aspera Faspex < 4.4.2 PL2 - Remote Code Execution via YAML Deserialization
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
by Maurice Lambert
CVSS 9.8
IBM Observability with Instana 239-0-239-2, 241-0-241-2, 243-0 - Unauthenticated Data Store Access
Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737.
by Shahid Parvez (zippon)
CVSS 9.1
Tenda N300 F3 12.01.01.48 - Info Disclosure
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
by @h454nsec
CVSS 9.6
Unified Remote 3.13.0 - Remote Code Execution via Remote Upload Endpoint
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.
by H4rk3nz0
CVSS 9.8
pdfkit < 0.8.7.2 - Command Injection via URL Parameter
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
by UNICORD
CVSS 7.3
polr < 2.3.0 - Unauthenticated Admin Account Creation via Setup Finish Endpoint
Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts. This is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php.
by p4kl0nc4t
CVSS 9.3
dompdf < 1.2.1 - Remote Code Execution via CSS @font-face src:url
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
by Ravindu Wickramasinghe
CVSS 9.8
Art Gallery Management System Project in PHP 1.0 - SQL Injection via pid Parameter
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page.
by Yogesh Verma
CVSS 9.8
AgileBio Electronic Lab Notebook <4.234 - Local File Inclusion
AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.
by Anthony Cole
CVSS 8.8
SeowonIntech SWC-5100W Firmware 1.11.0.1, 1.9.9.4 - OS Command Injection via doSystem() Function
SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem() function.
by Momen Eldawakhly
CVSS 8.8
Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit
by LiquidWorm
Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification
by LiquidWorm
EasyNAS 1.1.0 - OS Command Injection via /backup.pl
A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
by Ivan Spiridonov
CVSS 6.3
By Source