Exploitdb Exploits
4,724 exploits tracked across all sources.
M/Monit <3.7.3 - Privilege Escalation
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.
by Dolev Farhi
CVSS 9.8
NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)
by Alejandra Sánchez
NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)
by Alejandra Sánchez
MISP <2.4.99 - Command Injection
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.
by Tm9jdGlz
CVSS 8.8
MASTER IPCAMERA01 <3.3.4.2103 - RCE
MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.
by Raffaele Sabato
CVSS 9.8
UniSharp Laravel File Manager v2.0.0-alpha7 Arbitrary File Upload
UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute arbitrary code by accessing the uploaded file through the working directory path.
by Mohammad Danish
CVSS 8.8
VSCO 1.1.1.0 Denial of Service via Search
VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Attackers can paste a buffer of 5000 characters into the search bar and navigate back to trigger an application crash.
by 0xB9
CVSS 6.2
Free IP Switcher 3.1 Denial of Service via Computer Name
Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to trigger a denial of service condition that crashes the application.
by Victor Mondragón
CVSS 5.5
Navicat for Oracle 12.1.15 Password Field Denial of Service
Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during Oracle connection configuration to trigger an application crash.
by Victor Mondragón
CVSS 6.2
Pocoo Jinja2 - Code Injection
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing
by JameelNabbo
CVSS 9.8
AirMore <1.6.1 - DoS
The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests.
by s4vitar
CVSS 7.5
Core FTP/SFTP Server 1.2 Denial of Service via Buffer Overflow
Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service.
by Victor Mondragón
CVSS 7.5
MediaMonkey 4.1.23 Denial of Service via Malformed URL
MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog.
by Alejandra Sánchez
CVSS 6.2
ApowerManager <3.1.7 - DoS
The ApowerManager application through 3.1.7 for Android allows remote attackers to cause a denial of service via many simultaneous /?Key=PhoneRequestAuthorization requests.
by s4vitar
CVSS 7.5
NetworkSleuth 3.0 - 'Name' Denial of Service (PoC)
by Alejandra Sánchez
NetworkSleuth 3.0 - 'Name' Denial of Service (PoC)
by Alejandra Sánchez
Canonical snapd <2.37.1 - Command Injection
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
by Chris Moberly
CVSS 9.8
Canonical snapd <2.37.1 - Command Injection
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
by Chris Moberly
CVSS 9.8
Shenzhen Skyworth DT741 - DoS/Remote Code Execution
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.
by Kaustubh G. Padwad
CVSS 9.8
VA MAX 8.3.4 Remote Code Execution via changeip.php
VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtu_eth0 field to execute commands as the apache user.
by Cody Sixteen
CVSS 8.8
River Past Video Cleaner 7.6.3 Buffer Overflow via SEH
River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll field. Attackers can craft a payload with 280 bytes of padding, a next structured exception handler override, and shellcode to trigger code execution when the application processes the input.
by crash_manucoot
CVSS 8.4
River Past CamDo 3.7.6 Structured Exception Handler Buffer Overflow
River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SEH handler address pointing to a pop-pop-ret gadget to trigger code execution and establish a bind shell on port 3110.
by Achilles
CVSS 8.4
NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow
NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash.
by Alejandra Sánchez
CVSS 6.2
Aveva Indusoft Web Studio - Missing Authentication
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine.
by Jacob Baines
CVSS 9.8
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)
by Juan Prescotto
By Source