Exploitdb Exploits

2,731 exploits tracked across all sources.

CVE-2019-9194 EXPLOITDB CRITICAL ruby VERIFIED
Std42 Elfinder < 2.1.48 - OS Command Injection
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
by Metasploit
CVSS 9.8
CVE-2019-11444 EXPLOITDB HIGH ruby
Liferay Portal CE 7.1.2 GA3 - Command Injection
An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run Groovy scripts and therefore not a design flaw.
by AkkuS
CVSS 7.2
CVE-2019-11445 EXPLOITDB HIGH ruby
OpenKM 6.3.2-6.3.7 - RCE
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin's Export field. As a result, attackers can gain remote code execution through the application server with root privileges.
by AkkuS
CVSS 7.2
CVE-2019-6340 EXPLOITDB HIGH ruby VERIFIED
Drupal < 8.5.11 - Insecure Deserialization
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
by Metasploit
CVSS 8.1
EIP-2026-103146 EXPLOITDB ruby VERIFIED
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
by Metasploit
EIP-2026-103145 EXPLOITDB ruby VERIFIED
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
by Metasploit
EIP-2026-101415 EXPLOITDB ruby
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
by AkkuS
CVE-2012-0217 EXPLOITDB ruby VERIFIED
FreeBSD Intel SYSRET Privilege Escalation
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
by Metasploit
CVE-2019-9581 EXPLOITDB HIGH ruby
phpscheduleit Booked Scheduler <2.7.5 - RCE
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.
by AkkuS
CVSS 8.8
CVE-2019-9623 EXPLOITDB CRITICAL ruby
Feng Office <3.7.0.5 - RCE
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.
by AkkuS
CVSS 9.8
EIP-2026-103330 EXPLOITDB ruby
Usermin 1.750 - Remote Command Execution (Metasploit)
by AkkuS
CVE-2018-18982 EXPLOITDB HIGH ruby VERIFIED
Nuuo Cms < 3.3 - SQL Injection
In NUUO CMS, all versions 3.3 and prior, the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
by Metasploit
CVSS 8.8
CVE-2019-12780 EXPLOITDB CRITICAL ruby
Belkin Crock-pot Smart Slow Cooker Wi... - OS Command Injection
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
by Metasploit
CVSS 9.8
EIP-2026-103288 EXPLOITDB ruby
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
by AkkuS
CVE-2018-14933 EXPLOITDB CRITICAL ruby VERIFIED
NUUO NVRmini - RCE
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
by Metasploit
CVSS 9.8
CVE-2016-4117 EXPLOITDB CRITICAL ruby VERIFIED
Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
by Metasploit
CVSS 9.8
CVE-2017-1000083 EXPLOITDB HIGH ruby VERIFIED
Evince CBT File Command Injection
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
by Metasploit
CVSS 7.8
EIP-2026-102772 EXPLOITDB ruby VERIFIED
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)
by Metasploit
EIP-2026-102771 EXPLOITDB ruby VERIFIED
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)
by Metasploit
CVE-2019-6498 EXPLOITDB HIGH ruby
Labapart Gattlib - Out-of-Bounds Read
GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.
by Dhiraj Mishra
CVSS 8.8
CVE-2019-9624 EXPLOITDB HIGH ruby
Webmin 1.900 - RCE
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
by AkkuS
CVSS 7.8
CVE-2015-8612 EXPLOITDB HIGH ruby VERIFIED
Blueman <2.0.3 - Privilege Escalation
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument.
by Metasploit
CVSS 8.4
CVE-2018-20841 EXPLOITDB CRITICAL ruby
Hootoo Tripmate Titan Ht-tm05 Firmware - OS Command Injection
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.
by Andrei Manole
CVSS 9.8
CVE-2018-8269 EXPLOITDB HIGH ruby
Microsoft Data OData - DoS
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData.
by Gal Zror
CVSS 7.5
EIP-2026-114671 EXPLOITDB ruby
Mailcleaner - (Authenticated) Remote Code Execution (Metasploit)
by Mehmet Ince