Exploitdb Exploits
4,759 exploits tracked across all sources.
H2 <1.4.197 - Info Disclosure
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
by owodelta
CVSS 6.5
QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)
by Luis Martínez
NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service (PoC)
by Luis Martínez
Core FTP 2.0 build 653 - Denial of Service via XRMD Command
The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command.
by Erik David Martin
CVSS 7.5
10-Strike LANState 8.8 Local Buffer Overflow SEH
10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application.
by absolomb
CVSS 8.4
10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)
by absolomb
10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)
by absolomb
GetGo Download Manager < 5.3.0.2712 - Remote Code Execution via Long HTTP Response
A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.
by Nathu Nandwani
CVSS 9.8
Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)
by bzyo
Mediabridge Medialink MWN-WAPR300N <5.07.50 - CSRF
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
by Nathu Nandwani
CVSS 8.8
Davolink DVW-3200N <1.00.06 - Info Disclosure
Davolink DVW-3200N, all versions prior to Version 1.00.06: the device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.
by Ankit Anubhav
CVSS 9.8
Inteno IOPSYS - Privilege Escalation
read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp.
by neonsea
CVSS 7.8
PrestaShop <1.6.1.20 & <1.7.3.4 - Info Disclosure
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rijndael.php, and Blowfish.php.
by Charles Fol
CVSS 9.1
D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi
D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text.
by Thomas Zuk
CVSS 7.5
Boxoft wav-wma Converter 1.0 Local Buffer Overflow SEH
Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can create a specially crafted WAV file with excessive data and ROP gadgets to overwrite the SEH chain and achieve code execution on Windows systems.
by Achilles
CVSS 8.4
Oracle WebLogic Server <12.2.1.1 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
by bobsecq
CVSS 9.8
VLC media player 2.2.8 - Arbitrary Code Execution (PoC)
by Eugene Ng
CMS Made Simple <2.2.5 - Authenticated RCE
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that allows an authenticated admin with access to the file manager to execute code on the server. This attack appears to be exploitable via File upload -> copy to any extension.
by Mustafa Hasan
CVSS 7.2
ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution
by Kacper Szurek
ntopng <3.4.180617 - Info Disclosure
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access.
by Ioannis Profetis
CVSS 8.1
VMware NSX SD-WAN by VeloCloud < 3.1.0 - Remote Code Execution via Local Web UI Command Injection
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
by ParagonSec
CVSS 8.1