Exploitdb Exploits
4,724 exploits tracked across all sources.
Fortinet Fortiproxy < 1.2.9 - Path Traversal
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
by Carlos E. Vieira
CVSS 9.1
Eyesofnetwork - OS Command Injection
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.
by Nassim Asrir
CVSS 8.8
ManageEngine opManager 12.3.150 - Authenticated Code Execution
by kindredsec
Microsoft Windows PowerShell - Unsanitized Filename Command Execution
by hyp3rlinx
Wind River VxWorks - Buffer Overflow
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.
by Zhou Yu
CVSS 9.8
Mitsubishielectric Smartrtu Firmware < 2.02 - OS Command Injection
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.
by xerubus
CVSS 9.8
Mitsubishielectric Smartrtu Firmware < 2.02 - Missing Authentication
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).
by xerubus
CVSS 7.5
NSA Ghidra <9.1 - Path Traversal
In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module.
by Etienne Lacoche
CVSS 7.8
ARMBot - Unrestricted File Upload
ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../public_html/ to write executable code to the web root and achieve remote code execution.
by prsecurity
CVSS 7.5
Amcrest Ip2m-841b Firmware < 2018-05-18 - Missing Authentication
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device.
by Jacob Baines
CVSS 7.5
Ahsay Cloud Backup Suite < 8.1.1.50 - Unrestricted File Upload
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator).
by Wietse Boonstra
CVSS 8.8
WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions
by yasin
Bacnet Protocol Stack < 0.8.6 - Out-of-Bounds Read
BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in BACnet APDU Layer because a malformed DCC in AtomicWriteFile, AtomicReadFile and DeviceCommunicationControl services. An unauthenticated remote attacker could cause a denial of service (bacserv daemon crash) because there is an invalid read in bacdcode.c during parsing of alarm tag numbers.
by mmorillo
CVSS 7.5
MAPLE WBT SNMP Admin <2.0.195.15 - Buffer Overflow
SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987.
by sasaga92
CVSS 9.8
FUEL CMS 1.4.1 - RCE
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
by 0xd0ff9
CVSS 9.8
WinMPG iPod Convert 3.0 - Buffer Overflow
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service condition.
by stresser
CVSS 6.2
R 3.4.4 Windows x64 - Buffer Overflow
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler chain pivot and execute arbitrary shellcode with application privileges.
by blackleitus
CVSS 6.2
Solarwinds Dameware Mini Remote Control < 12.1 - Memory Corruption
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.
by Xavi Beltran
CVSS 7.8
Streamripper 2.6 - 'Song Pattern' Buffer Overflow
by Andrey Stoykov
Streamripper 2.6 - 'Song Pattern' Buffer Overflow
by Andrey Stoykov
Sahi Pro 8.0.0 - Command Injection
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.
by AkkuS
CVSS 9.8
Citrix Netscaler Sd-wan < 10.0.8 - OS Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
by Chris Lyne
CVSS 8.8
Castlerock Simple Network Management ... - Out-of-Bounds Write
nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file.
by xerubus
CVSS 7.8
By Source