Exploitdb Exploits

4,724 exploits tracked across all sources.

CVE-2014-0683 EXPLOITDB python
Cisco Rv110w Firmware < 1.2.0.9 - Credentials Management
The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275.
by RySh
EIP-2026-118211 EXPLOITDB python
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH)
by Manpreet Singh Kheberi
CVE-2015-7254 EXPLOITDB python
Huawei Hg532e - Path Traversal
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
by Rebellion
CVE-2015-6396 EXPLOITDB HIGH python
Cisco Rv110w Wireless-n VPN Firewall Firmware - OS Command Injection
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
by RySh
CVSS 7.8
CVE-2018-25268 EXPLOITDB HIGH python
LanSpy 2.0.1.159 Local Buffer Overflow via Scan Field
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payload with 688 bytes of padding followed by 4 bytes of controlled data to crash the application or potentially achieve code execution.
by Gionathan Reale
CVSS 8.4
EIP-2026-116255 EXPLOITDB python
SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
by Alejandra Sánchez
EIP-2026-116254 EXPLOITDB python
SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
by Alejandra Sánchez
CVE-2018-1002105 EXPLOITDB CRITICAL python
Kubernetes <1.10.11-1.12.3 - SSRF
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
by evict
CVSS 9.8
CVE-2018-1002105 EXPLOITDB CRITICAL python
Kubernetes <1.10.11-1.12.3 - SSRF
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
by evict
CVSS 9.8
CVE-2018-25271 EXPLOITDB MEDIUM python
Textpad 8.1.2 Denial of Service via Run Command
Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attackers can paste a 5000-byte payload into the Command field via Tools > Run to trigger a buffer overflow that crashes the application.
by Gionathan Reale
CVSS 6.2
CVE-2018-20159 EXPLOITDB HIGH python
i-doit open <1.11.2 - RCE
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file because a ZIP archive is accepted by /admin/?req=modules&action=add as a plugin, and extracted to the main directory. In order for the ".zip" file to be accepted, it must also contain a package.json file.
by AkkuS
CVSS 7.2
CVE-2018-11741 EXPLOITDB CRITICAL python
NEC Univerge Sv9100 Webpro Firmware - Information Disclosure
NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs.
by hyp3rlinx
CVSS 9.8
CVE-2018-15716 EXPLOITDB HIGH python
Nuuo Nvrmini2 Firmware - OS Command Injection
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
by Artem Metla
CVSS 8.8
CVE-2018-15473 EXPLOITDB MEDIUM python
Openbsd Openssh < 7.7 - Race Condition
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by Leap Security
CVSS 5.3
CVE-2018-11742 EXPLOITDB CRITICAL python
NEC Univerge Sv9100 Webpro Firmware - Insufficiently Protected Credentials
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.
by hyp3rlinx
CVSS 9.8
CVE-2018-19798 EXPLOITDB HIGH python
Fleetco FMM <1.2 - RCE
Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uploading an arbitrary ".php" file with the application/x-php Content-Type to the accidents_add.php?submit=1 URI, as demonstrated by the value_Images_1 field, which leads to remote command execution on the remote server. Any authenticated user can exploit this.
by AkkuS
CVSS 8.8
CVE-2018-9842 EXPLOITDB MEDIUM python
Cyberark Password Vault < 9.7 - Information Disclosure
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message.
by Thomas Zuk
CVSS 5.3
EIP-2026-103308 EXPLOITDB python
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
by ParagonSec
CVE-2018-8021 EXPLOITDB CRITICAL python
Superset <0.23 - Code Injection
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.
by David May
CVSS 9.8
CVE-2017-6026 EXPLOITDB CRITICAL python
Schneider Electric Modicon PLCs <4.0.5.11 - Info Disclosure
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.
by Photubias
CVSS 9.1
CVE-2018-25272 EXPLOITDB CRITICAL python
ELBA5 5.8.0 Remote Code Execution via Database Access
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table.
by Florian Bogner
CVSS 9.8
EIP-2026-119529 EXPLOITDB python
HTML Video Player 1.2.5 - Buffer-Overflow (SEH)
by Kağan Çapar
EIP-2026-119528 EXPLOITDB python
HTML Video Player 1.2.5 - Buffer-Overflow (SEH)
by Kağan Çapar
EIP-2026-116617 EXPLOITDB python
XMPlay 3.8.3 - '.m3u' Denial of Service (PoC)
by s7acktrac3
EIP-2026-116616 EXPLOITDB python
XMPlay 3.8.3 - '.m3u' Denial of Service (PoC)
by s7acktrac3