Exploitdb Exploits
4,724 exploits tracked across all sources.
pfSense <2.4.4-p3 - RCE
pfSense 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
by Nassim Asrir
CVSS 8.8
InputMapper 1.6.10 - Buffer Overflow
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process it, causing the application to crash.
by elkoyote07
CVSS 5.5
HPE IMC <7.3 - Info Disclosure
An information disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
by Lazy Hacker
CVSS 5.3
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
by anonymous
CVSS 9.8
Verypdf docPrint Pro 8.0 - Buffer Overflow
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption.
by Connor McGarr
CVSS 8.4
Folder Lock 7.7.9 - Buffer Overflow
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field to trigger a denial of service condition.
by Achilles
CVSS 6.2
eWON Firmware 12.2-13.0 - Auth Bypass
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials and a crafted wsdList parameter to extract encrypted passwords for all users, which can be decrypted using a hardcoded XOR key.
by Photubias
CVSS 7.5
Epross AVCON6 - Command Injection
Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OGNL payloads in the redirect parameter to instantiate ProcessBuilder objects and execute system commands with root privileges.
by Nassim Asrir
CVSS 9.8
NETSAS Enigma NMS <65.0.0 - Command Injection
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action.
by xerubus
CVSS 9.8
Microsoft Windows NTFS - Privileged File Access Enumeration
by hyp3rlinx
Pulse Secure <9.0R3.4-5.1R15.1 - Authenticated Command Injection
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
by Justin Wagner
CVSS 7.2
FusionPBX - OS Command Injection
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.
by Askar
CVSS 8.8
Microsoft Windows - 'WSReset' UAC Protection Bypass (Registry)
by valen
SQL Server Password Changer 1.90 - Buffer Overflow
SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition.
by Velayutham Selvaraj, Praveen Thiyagarayam
CVSS 6.2
Easy MP3 Downloader 4.7.8.8 - Buffer Overflow
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition.
by Mohan Ravichandran, Snazzy Sanoj
CVSS 6.2
VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service
by James Chamberlain
Asus Precision Touchpad - Access Control
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.
by Athanasios Tserpelis
CVSS 9.8
Outlook Password Recovery 2.10 - Buffer Overflow
Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the User Name and Registration Code field to trigger a denial of service condition.
by Velayutham Selvaraj, Praveen Thiyagarayam
CVSS 6.2
Tableau Server < 10.5.18 - XXE
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.
by Jarad Kopf
CVSS 8.1
openITCOCKPIT <3.7.1 - XSS
openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.
by Julian Rittweger
CVSS 6.1
RAR Password Recovery 1.80 - Buffer Overflow
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration Code field to trigger an application crash.
by Achilles
CVSS 6.2