Exploitdb Exploits
4,728 exploits tracked across all sources.
Codecrafters Ability Mail Server - XSS
Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4.
by Aloyce J. Makalanga
CVSS 6.1
Embedthis GoAhead <3.6.5 - Remote Code Execution
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
by Daniel Hodson
CVSS 8.1
Outlook for Android - Attachment Download Directory Traversal
by Google Security Research
Innotube Itguard Manager - OS Command Injection
cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter.
by Nassim Asrir
CVSS 9.8
SyncBreeze <10.2.12 - DoS
The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a Denial of Service.
by Manuel García Cárdenas
CVSS 7.5
Linksys WVBR0 - RCE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
by nixawk
CVSS 9.8
Labf Nfsaxe - Memory Corruption
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.
by wetw0rk
CVSS 9.8
LabF nfsAxe FTP client <3.7 - RCE
Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely.
by wetw0rk
CVSS 9.8
Claymore Dual GPU miner 10.1 - Path Traversal
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile.
by tintinweb
CVSS 8.1
Claymore Dual GPU miner 10.1 - RCE
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging.
by tintinweb
CVSS 9.8
Socusoft Co Photo 2 Video Converter 8.0.0 - Buffer Overflow
Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is: The attacker must have access to local system (either directly, or remotley).
by ret2eax
CVSS 7.8
HP Intelligent Management Center < 7.3 - Improper Input Validation
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
by Chris Lyne
CVSS 9.8
Dup Scout Enterprise 10.0.18 - 'Input Directory' Local Buffer Overflow (SEH)
by Miguel Mendez Z
HP Intelligent Management Center < 7.3 - Improper Input Validation
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
by Chris Lyne
CVSS 9.8
Synology StorageManager 5.2 - Root Remote Command Execution
by SecuriTeam
Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download
by Google Security Research
ALLPlayer 7.5 - Local Buffer Overflow (SEH Unicode)
by sickness
Vonage VDV-23 115 <3.2.11-0.9.40 - DoS
On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.
by Nu11By73
CVSS 7.5
Apple <11.1 - DoS
An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted text file.
by Russian Otter
CVSS 5.5
VX Search 10.2.14 - 'Proxy' Local Buffer Overflow (SEH)
by wetw0rk
By Source