Exploitdb Exploits
2,689 exploits tracked across all sources.
Belkin Crock-Pot Smart Slow Cooker with WeMo Firmware - Unauthenticated OS Command Injection via SmartDevURL Argument
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
by Metasploit
CVSS 9.8
NUUO NVRmini Firmware - Remote Command Execution via uploaddir Parameter
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
by Metasploit
CVSS 9.8
Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
by Metasploit
CVSS 9.8
Evince CBT File Command Injection
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
by Metasploit
CVSS 7.8
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)
by Metasploit
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)
by Metasploit
GattLib 0.2 - Stack-Based Buffer Over-Read in gattlib_connect
GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.
by Dhiraj Mishra
CVSS 8.8
Webmin 1.900 - Remote Code Execution via Upload and Download Privilege Abuse
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
by AkkuS
CVSS 7.8
Blueman <2.0.3 - Privilege Escalation
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument.
by Metasploit
CVSS 8.4
HooToo TripMate Titan HT-TM05 Firmware 2.000.022 and 2.000.082 - Remote Command Execution via mac Parameter
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.
by Andrei Manole
CVSS 9.8
Microsoft.Data.OData - Denial of Service via Improper Web Request Handling
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData.
by Gal Zror
CVSS 7.5
Mailcleaner - (Authenticated) Remote Code Execution (Metasploit)
by Mehmet Ince
Hashicorp Consul - Remote Command Execution via Services API (Metasploit)
by Metasploit
Hashicorp Consul - Remote Command Execution via Services API (Metasploit)
by Metasploit
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)
by Metasploit
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)
by Metasploit
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
by Metasploit
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
by Metasploit
Rukovoditel 2.3.1 - Authenticated Remote Code Execution via Malicious Background Image Upload
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed case, such as the .pHp extension.
by AkkuS
CVSS 8.8
Safari < 11.1.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Metasploit
CVSS 8.8
Safari Proxy Object Type Confusion
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling.
by Metasploit
CVSS 8.8
CyberLink LabelPrint 2.5 - Stack-based Buffer Overflow via LPP Project File Parameters
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
by Metasploit
CVSS 7.8
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Untrusted Data Deserialization
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
by Metasploit
CVSS 9.8
Emacs - movemail Privilege Escalation (Metasploit)
by Metasploit
By Source