Exploitdb Exploits
4,759 exploits tracked across all sources.
Siemens SIMATIC S7-1500 CPU Firmware < 1.6 - Denial of Service via Crafted TCP Packets
Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets.
by t4rkd3vilz
GitBucket 4.23.1 Unauthenticated Remote Code Execution
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint.
by Kacper Szurek
CVSS 9.8
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass)
by Juan Prescotto
Prime95 29.4b8 Local Buffer Overflow via SEH
Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands.
by crash_manucoot
CVSS 8.4
DHCP Client Command Injection (DynoRoot)
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
by Kevin Kirsche
CVSS 7.5
Intelbras NCLOUD 300 1.0 - Unauthenticated Information Disclosure via ExportSettings.sh
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved.
by Pedro Aguiar
CVSS 9.8
p910nd - Inteno IOPSYS 2.0-4.2.0 - Info Disclosure
p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100.
by neonsea
CVSS 8.8
Microsoft Windows RRAS Service - Remote Code Execution
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".
by vportal
CVSS 6.6
Allok Video Splitter 3.1.1217 Buffer Overflow via License Name
Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious payload exceeding 780 bytes, paste it into the License Name registration field, and trigger the overflow when the Register button is clicked.
by Achilles
CVSS 7.8
FTPShell Client 6.7 - Remote Code Execution via FTP 220 Response Buffer Overflow
An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465.
by r4wd3r
CVSS 9.8
Easy MPEG to DVD Burner 1.7.11 SEH Local Buffer Overflow
Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode that overwrites the SEH handler to redirect execution and run arbitrary commands like opening calc.exe.
by Marwan Shamel
CVSS 8.4
LibreOffice 6.0.3 - Apache OpenOffice Writer 4.1.5 - Info Disclosure
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
by Richard Davy
CVSS 7.5
Exim < 4.90.1 - Remote Code Execution via base64d Buffer Overflow
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
by straight_blast
CVSS 9.8
TBK DVR4104 and DVR4216 - Unauthenticated Authentication Bypass via Cookie Header
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
by ezelf
CVSS 9.8
Nagios XI 5.2.0-5.4.12 - Remote Code Execution via OS Command Injection
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.
by Jared Arave
CVSS 8.8
Nagios XI 5.2.0-5.4.12 - SQL Injection via selInfoKey1 Parameter
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
by Jared Arave
CVSS 9.8
Nagios XI 5.2.0-5.4.12 - Unauthenticated SQL Injection via Core Config Manager
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.
by Jared Arave
CVSS 9.8
Nagios XI <5.4.13 - Privilege Escalation
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.
by Jared Arave
CVSS 8.8
Allok AVI to DVD SVCD VCD Converter 4.0.1217 Buffer Overflow SEH
Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception handling (SEH) based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with junk data, NSEH bypass, SEH handler address, and shellcode that triggers the overflow when pasted into the License Name field and the Register button is clicked, resulting in code execution.
by T3jv1l
CVSS 7.8
SickRage < 2018.03.09-1 - Unprotected Credential Exposure via HTTP Response
SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.
by Sven Fassbender
CVSS 9.8
By Source