Exploitdb Exploits
4,759 exploits tracked across all sources.
Hasura GraphQL 1.3.3 - Server-Side Request Forgery via Remote Schema Injection
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the add_remote_schema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL definitions to potentially access internal network resources.
by Dolev Farhi
CVSS 5.3
Hasura GraphQL 1.3.3 - Local File Read via SQL Injection in Query Endpoint
Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pg_read_file() PostgreSQL function by crafting malicious SQL queries to read arbitrary files on the server.
by Dolev Farhi
CVSS 5.5
Hasura GraphQL 1.3.3 - Denial of Service via Malicious GraphQL Query
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint.
by Dolev Farhi
CVSS 7.5
Remote Clinic 2.0 - Stored Cross-Site Scripting via Staff Registration First or Last Name Field
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
by nu11secur1ty
CVSS 5.4
GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.
by boku
CVSS 6.5
GetSimple CMS My SMTP Contact Plugin <1.1.2 - Code Injection
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server.
by boku
CVSS 7.2
glFTPd 2.11a - Denial of Service via Connection Limit Exhaustion
An issue was discovered in glFTPd 2.11a that allows remote attackers to cause a denial of service via exceeding the connection limit.
by xynmaps
CVSS 7.5
htmly 2.8.0 - Stored Cross-Site Scripting via Blog Title Tagline or Description
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.
by nu11secur1ty
CVSS 5.4
Horde Groupware Webmail < 5.2.22 - Cross-Site Scripting via Text2html.php PreProcess
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.
by nu11secur1ty
CVSS 6.1
vsftpd 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
by HerculesRD
CVSS 9.8
PrestaShop <1.7.6.8 - Blind SQL Injection
PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8.
by Vanshal Gaur
CVSS 9.8
Dell EMC OpenManage Server Administrator < 9.4 - Unauthenticated Path Traversal via Web API Request
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.
by Rhino Security Labs
CVSS 9.1
Mini Mouse 9.2.0 - Unauthenticated Remote Code Execution via /op=command Endpoint
Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script commands.
by gosh
CVSS 9.8
F5 iControl REST Unauthenticated SSRF Token Generation RCE
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
by Al1ex
CVSS 9.8
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)
by Fellipe Oliveira
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)
by Fellipe Oliveira
DD-WRT 45723 - Remote Code Execution via UPNP M-SEARCH UUID Buffer Overflow
DD-WRT version 45723 contains a buffer overflow vulnerability in the UPNP network discovery service that allows remote attackers to potentially execute arbitrary code. Attackers can send crafted M-SEARCH packets with oversized UUID payloads to trigger buffer overflow conditions on the target device.
by Enesdex
CVSS 9.8
GetSimple CMS 3.3.16 - Reflected Cross-Site Scripting in Login Portal
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
by boku
CVSS 6.1
vsftpd 3.0.3 - Denial of Service via Connection Limit Exhaustion
VSFTPD 3.0.3 allows attackers to cause a denial of service due to the limited number of connections allowed.
by xynmaps
CVSS 7.5
Flexense SyncBreeze Enterprise 10.1.16 - Buffer Overflow via Destination Directory Field
Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive mode.
by Filipe Oliveira
CVSS 7.8
Dolibarr < 11.0.5 - Authenticated Arbitrary File Upload and Remote Code Execution via .pht and .phar Files
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
by Andrea Gonzalez
CVSS 8.8
Codiad < 2.8.4 - Remote Code Execution
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
by WangYihang
CVSS 9.8
ProFTPD 1.3.7a - Denial of Service via Multiple Simultaneous FTP Connections
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.
by xynmaps
CVSS 7.5
Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated)
by Christian Vierschilling