Exploitdb Exploits
4,724 exploits tracked across all sources.
Mantisbt < 1.3.20 - OS Command Injection
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
by Nikolas Geiselman
CVSS 7.2
Titanhq Spamtitan - Code Injection
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.
by Felipe Molina
CVSS 8.8
Microsoft Sql Server - Insecure Deserialization
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
by West Shepherd
CVSS 8.8
Gnome Fonts Viewer 3.34.0 - Memory Corruption
Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to cause an infinite malloc() loop and potentially crash the gnome-font-viewer process.
by Cody Winkler
CVSS 7.5
Vtenext - CSRF
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
by Marco Ruela
CVSS 8.8
Vtenext - Unrestricted File Upload
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
by Marco Ruela
CVSS 8.8
Vtenext - XSS
A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email.
by Marco Ruela
CVSS 6.1
CutePHP CuteNews 2.1.2 - Code Injection
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
by Musyoka Ian
CVSS 8.8
Audio Playback Recorder 3.2.2 - Buffer Overflow
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) to execute shellcode when pasting specially crafted input into the application's input fields.
by Felipe Winsnes
CVSS 8.4
Zohocorp Manageengine Applications Manager - Unrestricted File Upload
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
by Hodorsec
CVSS 7.2
Rukovoditel - Path Traversal
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.
by danyx07
CVSS 9.8
BlazeDVD 7.0 Professional - '.plf' Local Buffer Overflow (SEH_ASLR_DEP)
by emalp
CMS Made Simple 2.2.14 - Arbitrary File Upload (Authenticated)
by Luis Noriega
Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation
Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role settings without authentication.
by LiquidWorm
CVSS 9.8
ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow (DEP_ASLR Bypass) (PoC)
by Paras Bhatia
Midasolutions Eframework < 2.9.0 - OS Command Injection
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
by elbae
CVSS 9.8
Microsoft .net Core < 15.9 - Remote Code Execution
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
by West Shepherd
CVSS 7.8
Artica Web Proxy 4.30.00000000 - SQL Injection
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
by Dan Duffy
CVSS 9.8
QlikView 12.50.20000.0 - DoS
QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality.
by Luis Martínez
CVSS 6.2
Acti Nvr - Buffer Overflow
ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload.
by MegaMagnus
CVSS 7.5
Mocha Telnet Lite for iOS 4.2 - DoS
Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User' field with 350 bytes of repeated characters to trigger an application crash and prevent normal functionality.
by Luis Martínez
CVSS 7.5
RTSP for iOS 1.0 - 'IP Address' Denial of Service (PoC)
by Luis Martínez
Pi-hole Web <4.3.2 - RCE
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
by Luis Vacacas
CVSS 7.2
Daily Expenses Management System 1.0 - 'username' SQL Injection
by Daniel Ortiz
By Source