Exploitdb Exploits
4,724 exploits tracked across all sources.
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
by Anurag Srivastava
PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them to establish reverse shell connections and execute system commands.
by Metin Yunus Kandemir
CVSS 8.8
AIDA64 Business 5.99.4900 SEH Buffer Overflow via EggHunter
AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences or report wizard functionality to trigger the overflow and execute code with application privileges.
by Peyman Forouzan
CVSS 8.4
PhreeBooks 5.2.3 - Authenticated RCE
PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.
by Metin Yunus Kandemir
CVSS 8.8
AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via EggHunter
AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display name field and Load from file parameter to trigger the overflow and execute shellcode with application privileges.
by Peyman Forouzan
CVSS 8.4
phpFileManager 1.7.8 Local File Inclusion via index.php
phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fm_current_dir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files like /etc/passwd from the server.
by Murat Kalafatoglu
CVSS 6.2
TCPDF <6.2.22 - Deserialization
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
by q3rv0
CVSS 9.8
Cmsmadesimple Cms Made Simple - SQL Injection
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
by Daniele Scanu
CVSS 8.1
Base64 Decoder 1.1.2 Local Buffer Overflow SEH Egghunter
Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-RET gadget address, and uses an egghunter payload to locate and execute shellcode for code execution.
by Paolo Perego
CVSS 8.4
Thomsonreuters Concourse Matter Room < 2.13.0098 - Path Traversal
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution.
by 0v3rride
CVSS 9.8
Microsoft Visio 2016 16.0.4738.1000 - 'Log in accounts' Denial of Service
by César Adrián Coronado Llanos
X-NetStat Pro 5.63 Local Buffer Overflow via EggHunter
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload when the application processes malicious input through HTTP Client or Rules functionality.
by Peyman Forouzan
CVSS 8.4
Dvd-x-player Dvd X Player - Memory Corruption
DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068.
by Paolo Perego
CVSS 7.8
Ruby On Rails File Content Disclosure (
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
by NotoriousRebel
CVSS 7.5
NetShareWatcher 1.5.8.0 - Local SEH Buffer Overflow
by Peyman Forouzan
Advanced Host Monitor 11.92 beta - Local Buffer Overflow
by Peyman Forouzan
Advanced Host Monitor 11.92 beta - Local Buffer Overflow
by Peyman Forouzan
WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service
WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash.
by Achilles
CVSS 6.2
WinMPG Video Convert 9.3.5 Buffer Overflow Local Denial of Service
WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigger a denial of service condition.
by Achilles
CVSS 6.2
Tabs Mail Carrier 2.5.1 Buffer Overflow via MAIL FROM
Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an oversized buffer to overwrite the EIP register and execute a bind shell payload.
by Joseph McDonagh
CVSS 9.8
CMSMS <2.2.10 - Info Disclosure
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
by Daniele Scanu
CVSS 6.5
Pegasus CMS 1.0 Remote Code Execution via extra_fields.php
Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the action parameter to achieve code execution and obtain an interactive shell.
by R3zk0n
CVSS 9.8
FTPGetter Standard <5.97.0.177 - RCE
FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption.
by w4fz5uck5
CVSS 9.8
Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution
by sud0woodo
Apache Tika <1.18 - Command Injection
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
by Rhino Security Labs
CVSS 8.1
By Source