Exploitdb Exploits
2,731 exploits tracked across all sources.
Centreon Web , 18.10.x , 19.04.x , 19.10.x <2.8.30 <18.10.8 <19.04.5 - Remote Code Execution
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.
by TheCyberGeek
CVSS 7.2
Poly Plantronics Hub <3.14 - Privilege Escalation
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.
by Metasploit
CVSS 7.8
Microsoft Windows 10 1507 < 1.12.16 - Improper Certificate Validation
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
by Oliver Lyak
CVSS 8.1
Crestron Am-100 Firmware < 2.4.1.19 - OS Command Injection
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
by Metasploit
CVSS 9.8
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by mekhalleh
CVSS 9.8
Microsoft Windows 10 1507 - Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
by Metasploit
CVSS 7.8
OpenBSD Dynamic Loader chpass Privilege Escalation
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.
by Metasploit
CVSS 7.8
Reptile Rootkit - reptile_cmd Privilege Escalation (Metasploit)
by Metasploit
OpenMRS Java Deserialization RCE
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
by Metasploit
CVSS 9.8
OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit)
by Onur ER
FreeSWITCH <1.10.1 - Info Disclosure
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
by Metasploit
CVSS 9.8
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
by Metasploit
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
by Metasploit
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
by Metasploit
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
by Metasploit
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by Metasploit
CVSS 6.6
Bludit 3.9.2 - RCE
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
by Metasploit
CVSS 8.8
Pulse Secure <9.0R3.4-5.1R15.1 - Authenticated Command Injection
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
by Metasploit
CVSS 7.2
FusionPBX 4.4.3 - Command Injection
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.
by Metasploit
CVSS 8.8
Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)
by max7253
eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)
by LiquidWorm
rConfig <3.9.2 - Command Injection
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
by Metasploit
CVSS 9.8
Android Janus APK Signature bypass
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
by Metasploit
CVSS 7.8
By Source