Exploitdb Exploits

4,724 exploits tracked across all sources.

CVE-2019-7666 EXPLOITDB HIGH python
Prima Systems FlexAir <2.3.38 - Auth Bypass
Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to log in as admin without decrypting the password.
by LiquidWorm
CVSS 8.8
CVE-2019-7256 EXPLOITDB CRITICAL python
Linear eMerge E3-Series - Command Injection
Linear eMerge E3-Series devices allow Command Injections.
by LiquidWorm
CVSS 9.8
CVE-2019-7257 EXPLOITDB CRITICAL python
Linear eMerge E3-Series - Unrestricted File Upload
Linear eMerge E3-Series devices allow Unrestricted File Upload.
by LiquidWorm
CVSS 10.0
EIP-2026-101581 EXPLOITDB python
CBAS-Web 19.0.0 - Remote Code Execution
by LiquidWorm
CVE-2019-7265 EXPLOITDB CRITICAL python
Linear eMerge E3-Series - RCE
Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).
by LiquidWorm
CVSS 9.8
CVE-2019-14347 EXPLOITDB HIGH python
Schben Adive 2.0.7 - RCE
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.
by Pablo Santiago
CVSS 8.8
CVE-2019-10475 EXPLOITDB MEDIUM python
Jenkins Build-metrics < 1.3 - XSS
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.
by vesche
CVSS 6.1
CVE-2019-25358 EXPLOITDB HIGH python
FileOptimizer 14.00.2524 - DoS
FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when opening options.
by SYANiDE
CVSS 7.5
CVE-2019-25361 EXPLOITDB CRITICAL python
Ayukov NFTP 1.71 - Buffer Overflow
Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with an oversized payload to trigger a buffer overflow and execute a bind shell on port 5150.
by SYANiDE
CVSS 9.8
CVE-2019-25360 EXPLOITDB CRITICAL python
Aida64 Engineer 6.10.5200 - Buffer Overflow
Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. Attackers can exploit the vulnerability by creating a malformed log file with carefully constructed SEH (Structured Exception Handler) overwrite techniques to achieve remote code execution.
by daejinoh
CVSS 9.8
CVE-2020-37167 EXPLOITDB HIGH python
ClamAV - Code Injection
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.
by anonymous
CVSS 8.4
CVE-2019-17558 EXPLOITDB HIGH python
Apache Solr < 7.7.3 - Injection
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
by @l3x_wong
CVSS 7.5
CVE-2019-25362 EXPLOITDB CRITICAL python
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer Overflow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a stack-based buffer overflow in the application's input handling.
by 4ll4u
CVSS 9.8
CVE-2019-25363 EXPLOITDB HIGH python
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer Overflow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an application crash.
by Nithoshitha S
CVSS 7.5
CVE-2019-25362 EXPLOITDB CRITICAL python
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer Overflow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a stack-based buffer overflow in the application's input handling.
by Nithoshitha S
CVSS 9.8
CVE-2019-25364 EXPLOITDB CRITICAL python
MailCarrier 2.51 - Buffer Overflow
MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 service, overwriting memory and potentially gaining remote system access.
by Lance Biggerstaff
CVSS 9.8
CVE-2015-0009 EXPLOITDB python
Microsoft Windows 7 - Security Feature Bypass
The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability."
by Thomas Zuk
CVE-2015-0008 EXPLOITDB python
Microsoft Windows 7 - Improper Access Control
The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability."
by Thomas Zuk
CVE-2019-16662 EXPLOITDB CRITICAL python
rConfig <3.9.2 - Command Injection
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
by Askar
CVSS 9.8
CVE-2019-25365 EXPLOITDB CRITICAL python
ChaosPro 2.0 - Buffer Overflow
ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with a carefully constructed payload to overwrite memory and gain remote code execution on vulnerable Windows XP systems.
by SYANiDE
CVSS 9.8
CVE-2019-18418 EXPLOITDB CRITICAL python
ClonOS WEB control panel 19.09 - RCE
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.
by İbrahim Hakan Şeker
CVSS 9.8
EIP-2026-108185 EXPLOITDB python
Joomla! 3.4.6 - Remote Code Execution
by Alessandro Groppo
CVE-2019-17662 EXPLOITDB CRITICAL python VERIFIED
Cybelsoft Thinvnc - Path Traversal
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
by Nikhith Tumamlapalli
CVSS 9.8
EIP-2026-111756 EXPLOITDB python
Restaurant Management System 1.0 - Remote Code Execution
by Ibad Shah
CVE-2019-17624 EXPLOITDB HIGH python
X.org X Server < 1.20.4 - Out-of-Bounds Write
In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.
by s4vitar
CVSS 7.8