Exploitdb Exploits

2,731 exploits tracked across all sources.

CVE-2020-10220 EXPLOITDB CRITICAL ruby VERIFIED
rConfig 3.x Chained Remote Code Execution
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
by Metasploit
CVSS 9.8
EIP-2026-104762 EXPLOITDB ruby VERIFIED
PHPStudy - Backdoor Remote Code execution (Metasploit)
by Metasploit
CVE-2019-15949 EXPLOITDB HIGH ruby VERIFIED
Nagios XI <5.6.6 - RCE
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.
by Metasploit
CVSS 8.8
CVE-2015-1830 EXPLOITDB ruby VERIFIED
Apache ActiveMQ 5.x-5.11.1 Directory Traversal Shell Upload
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
by Metasploit
CVE-2019-11043 EXPLOITDB HIGH ruby VERIFIED
PHP < 7.1.33 - Out-of-Bounds Write
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
by Metasploit
CVSS 8.7
CVE-2020-6418 EXPLOITDB HIGH ruby VERIFIED
Google Chrome <80.0.3987.122 - Heap Corruption
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by Metasploit
CVSS 8.8
CVE-2019-5825 EXPLOITDB MEDIUM ruby VERIFIED
Google Chrome < 73.0.3683.86 - Out-of-Bounds Write
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by Metasploit
CVSS 6.5
CVE-2018-17463 EXPLOITDB HIGH ruby VERIFIED
Google Chrome <70.0.3538.64 - RCE
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
by Metasploit
CVSS 8.8
CVE-2020-8794 EXPLOITDB CRITICAL ruby VERIFIED
OpenSMTPD OOB Read Local Privilege Escalation
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
by Metasploit
CVSS 9.8
CVE-2020-0688 EXPLOITDB HIGH ruby VERIFIED
Microsoft Exchange Server - Authentication Bypass
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
by Metasploit
CVSS 8.8
CVE-2020-8657 EXPLOITDB CRITICAL ruby VERIFIED
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.
by Metasploit
CVSS 9.8
EIP-2026-105684 EXPLOITDB ruby
Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)
by Lucas Amorim
CVE-2015-7611 EXPLOITDB HIGH ruby VERIFIED
Apache James Server 2.3.2 - RCE
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
by Metasploit
CVSS 8.1
EIP-2026-102819 EXPLOITDB ruby VERIFIED
Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)
by Metasploit
EIP-2026-102818 EXPLOITDB ruby VERIFIED
Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)
by Metasploit
CVE-2019-2215 EXPLOITDB HIGH ruby VERIFIED
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application. Product: Android. Android ID: A-141720095
by Metasploit
CVSS 7.8
CVE-2019-12518 EXPLOITDB CRITICAL ruby VERIFIED
Anviz CrossChex - Buffer Overflow
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
by Metasploit
CVSS 9.8
EIP-2026-113831 EXPLOITDB ruby VERIFIED
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)
by Metasploit
CVE-2019-19363 EXPLOITDB HIGH ruby VERIFIED
Ricoh <2020 - Privilege Escalation
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later; PS Driver for Universal Print - Version 4.0 or later; PC FAX Generic Driver - All versions; Generic PCL5 Driver - All versions; RPCS Driver - All versions; PostScript3 Driver - All versions; PCL6 (PCL XL) Driver - All versions; RPCS Raster Driver - All version
by Metasploit
CVSS 7.8
CVE-2019-20215 EXPLOITDB CRITICAL ruby VERIFIED
D-Link DIR-859 Firmware - OS Command Injection
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.
by Metasploit
CVSS 9.8
CVE-2020-7247 EXPLOITDB CRITICAL ruby VERIFIED
OpenBSD OpenSMTPD - Improper Exception Handling
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
by Metasploit
CVSS 9.8
CVE-2018-11479 EXPLOITDB HIGH ruby VERIFIED
Windscribe - Improper Input Validation
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.
by Metasploit
CVSS 7.8
EIP-2026-102110 EXPLOITDB ruby
Wago PFC200 - Authenticated Remote Code Execution (Metasploit)
by 0x483d
EIP-2026-105781 EXPLOITDB ruby
Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit)
by mekhalleh
CVE-2019-9213 EXPLOITDB MEDIUM ruby VERIFIED
Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
by Metasploit
CVSS 5.5