Exploitdb Exploits
4,759 exploits tracked across all sources.
Monstra CMS < 3.0.4 - Authenticated Remote Code Execution via .pht or .phar File Upload
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.
by Ron Jost
CVSS 8.8
Gitlab 13.9.3 - Remote Code Execution (Authenticated)
by enox
PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution
by flast101
Chiyu-tech BF-430/431/450M and SEMAC Firmware - Authentication Bypass via Malformed Telnet Request
An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated.
by sirpedrotavares
CVSS 9.8
Thecus N4800Eco - Command Injection
Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands with administrative privileges.
by Metin Yunus Kandemir
CVSS 8.8
GetSimple CMS 3.3.4 - Info Disclosure
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
by Ron Jost
CVSS 7.5
Apache Airflow < 1.10.11 - Unauthenticated Remote Code Execution via Experimental API
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default
by Pepe Berba
CVSS 9.8
DupTerminator <1.4.5639.37199 - DoS
DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10.
by Brian Rodriguez
CVSS 7.5
LogonTracer < 1.2.0 - OS Command Injection
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
by g0ldm45k
CVSS 9.8
Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration)
by Mohammed Aloraimi
Trixbox - 2.8.0.4 OS Command Injection
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
by Ron Jost
CVSS 8.8
Trixbox 2.8.0 - Path Traversal
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
by Ron Jost
CVSS 6.5
php-fusion 9.03.50 - Authenticated Remote Code Execution via Downloads Endpoint
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
by g0ldm45k
CVSS 8.8
Postbird 0.8.4 - Stored Cross-Site Scripting via IMG onerror Attribute
Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections.
by Debshubra Chakraborty
CVSS 5.4
RarmaRadio 2.72.8 - Denial of Service via Network Configuration Field Buffer Overflow
RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing network configuration fields with large character buffers. Attackers can generate a 100,000 character buffer and paste it into multiple network settings fields to trigger application instability and potential crash.
by Ismael Nava
CVSS 7.5
Pluck CMS < 4.7.13 - Authenticated Remote Code Execution via File Upload Restriction Bypass
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
by Ron Jost
CVSS 7.2
Codiad 2.8.4 - Authenticated Remote Code Execution via File Upload
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
by Ron Jost
CVSS 7.2
ProFTPD 1.3.5 - Unauthenticated Arbitrary File Read and Write via mod_copy Site Commands
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
by Shellbr3ak
Codiad Web IDE <2.8.4 - Code Injection
Codiad Web IDE through 2.8.4 allows PHP Code injection.
by Ron Jost
CVSS 9.8
Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code
by BestEffort Team
Oracle Solaris 10-11 - Privilege Escalation
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
by legend
CVSS 10.0
WebSSH for iOS 14.16.10 - Denial of Service via MashREPL Input Buffer Overflow
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field, causing the application to crash.
by Luis Martínez
CVSS 7.5
ManageEngine ADSelfService Plus 6.1 - CSV Injection
by Metin Yunus Kandemir
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by Gonzalo Villegas
CVSS 9.1
By Source