Exploitdb Exploits
4,724 exploits tracked across all sources.
Netgear DGN2200v1 - Remote Command Execution (RCE) (Unauthenticated)
by SivertPL
Black Box Kvm Extender 3.4.31307 - Local File Inclusion
by Ferhat Çil
Simple Client Management System 1.0 - RCE
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.
by Ishan Saha
CVSS 9.8
Backup-guard Backup Guard < 1.6.0 - Unrestricted File Upload
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
by Ron Jost
CVSS 7.2
TextPattern CMS 4.9.0-dev - Remote Command Execution (RCE) (Authenticated)
by Mevlüt Akçam
Online Voting System 1.0 - SQLi (Authentication Bypass) + Remote Code Execution (RCE)
by Geiseric
Ricon Industrial Cellular Router S9922XL - Remote Command Execution (RCE)
by LiquidWorm
Webnus Modern Events Calendar Lite < 5.16.5 - Unrestricted File Upload
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
by Ron Jost
CVSS 7.2
Webnus Modern Events Calendar Lite < 5.16.5 - Improper Access Control
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
by Ron Jost
CVSS 7.5
Xcloner < 4.2.13 - Incorrect Authorization
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.
by Ron Jost
CVSS 9.9
Phpabook - SQL Injection
phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script.
by Alejandro Perez
CVSS 9.8
Apache Superset 1.1.0 - Time-Based Account Enumeration
by Dolev Farhi
Estrongs ES File Explorer File Manager - Missing Authentication
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.
by Nehal Zaman
CVSS 8.1
Netgear WNAP320 2.0.3 - 'macAddress' Remote Code Execution (RCE) (Unauthenticated)
by Bryan Leong
Seeddms < 5.1.11 - Unrestricted File Upload
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
by Bryan Leong
CVSS 7.5
Vmware Cloud Foundation < 3.10.1.2 - Path Traversal
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
by CHackA0101
CVSS 9.8
Tp-link Tl-wr841n Firmware < 201216 - OS Command Injection
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.
by Koh You Liang
CVSS 8.8
FCKeditor <2.6.4.1 - Path Traversal
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
by Pergyz
Online Library Management System 1.0 - Arbitrary File Upload Remote Code Execution (Unauthenticated)
by Berk Can Geyikci
Responsive Tourism Website 3.1 - Remote Code Execution (RCE) (Unauthenticated)
by Tagoletta
Oracle Solaris 10-11 - Privilege Escalation
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
by Nathaniel Singer
CVSS 10.0
Websvn < 2.6.1 - OS Command Injection
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
by g0ldm45k
CVSS 9.8
OpenEMR <5.0.2 - Info Disclosure
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.
by Ron Jost
CVSS 8.8
Online Shopping Portal Project 3.1 - SQL Injection
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.
by Tagoletta
CVSS 8.8
Zoho ManageEngine ServiceDesk Plus MSP <10519 - Info Disclosure
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
by Ricardo Ruiz
CVSS 5.3
By Source