Exploitdb Exploits
4,759 exploits tracked across all sources.
Delta Industrial Automation COMMGR <1.08 - Buffer Overflow
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.
by t4rkd3vilz
CVSS 9.8
Cisco ASA & FTD - Unauthenticated DoS & Info Disclosure via HTTP URL
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.
by Yassine Aboukir
CVSS 7.5
TP-Link TL-WA850RE <5 - Command Injection
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.
by yoresongo
CVSS 8.8
Apache CouchDB < 1.7.0 and 2.x < 2.1.1 - Authenticated OS Command Injection via Configuration Options
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
by Cody Zacharias
CVSS 7.2
Audiograbber 1.83 Local Buffer Overflow via SEH
Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious input in the Interpret or Album fields that triggers a buffer overflow, overwriting SEH pointers and executing injected shellcode with application privileges.
by Dennis 'dhn' Herrmann
CVSS 8.4
Redis <4.0.10 & 5.x <5.0 RC3 - Buffer Overflow
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
by Fakhri Zulkifli
CVSS 8.4
userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system.
by Dolev Farhi
CVSS 9.8
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
by Andrew Watson
CVSS 9.8
Monstra CMS 3.0.4 - Stored Cross-Site Scripting via Name Field on Create New Page
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.
by DEEPIN2
CVSS 4.8
10-Strike Network Scanner 3.0 Local Buffer Overflow SEH
10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the Trace route or System information functions to achieve code execution.
by Hashim Jawad
CVSS 8.4
10-Strike Network Inventory Explorer 8.54 Buffer Overflow SEH
10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string with 4188 bytes of padding followed by SEH chain values and shellcode, then paste it into the registration dialog to achieve code execution with application privileges.
by Hashim Jawad
CVSS 8.4
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)
by Hashim Jawad
Pagekit < 1.0.13 - Stored Cross-Site Scripting via SVG Upload
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack.
by DEEPIN2
CVSS 4.8
Mailer Plugin 1.20 for Jenkins 2.111 - CSRF
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
by Kl3_GMjq6
CVSS 8.0
MediaComm Zip-n-Go < 4.95 - Buffer Overflow via Crafted File
MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file.
by Hashim Jawad
CVSS 7.8
CyberArk Password Vault < 9.7 - Exposure of Sensitive Information via Logon Message Replay
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message.
by Thomas Zuk
CVSS 5.3
SIMATIC S7-300 CPU Firmware - Denial of Service via Crafted Packets on TCP Port 102 or Profibus
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.
by t4rkd3vilz
CVSS 7.5
CloudMe Sync < 1.11.0 - Buffer Overflow (SEH) (DEP Bypass)
by Juan Prescotto
SAP Internet Transaction Server 6200.X.X - Reflected Cross-Site Scripting via wgate URIs
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.
by J. Carrillo Lencina
CVSS 6.1
Siemens SCALANCE S613 - Denial of Service via TCP Port 443 Traffic
Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443.
by t4rkd3vilz
CVSS 5.3
By Source