Exploitdb Exploits
2,731 exploits tracked across all sources.
Hashicorp Consul - Remote Command Execution via Services API (Metasploit)
by Metasploit
Hashicorp Consul - Remote Command Execution via Services API (Metasploit)
by Metasploit
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)
by Metasploit
Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)
by Metasploit
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
by Metasploit
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
by Metasploit
Rukovoditel 2.3.1 - Code Injection
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed case, such as the .pHp extension.
by AkkuS
CVSS 8.8
Apple Safari < 11.1.1 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Metasploit
CVSS 8.8
Safari Proxy Object Type Confusion
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling.
by Metasploit
CVSS 8.8
CyberLink LabelPrint 2.5 - RCE
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
by Metasploit
CVSS 7.8
HP Intelligent Management Center < 7.3 - Insecure Deserialization
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
by Metasploit
CVSS 9.8
Emacs - movemail Privilege Escalation (Metasploit)
by Metasploit
Emacs - movemail Privilege Escalation (Metasploit)
by Metasploit
Apache Spark - (Unauthenticated) Command Execution (Metasploit)
by Metasploit
Apache Spark - (Unauthenticated) Command Execution (Metasploit)
by Metasploit
TeamCity Agent - XML-RPC Command Execution (Metasploit)
by Metasploit
TeamCity Agent - XML-RPC Command Execution (Metasploit)
by Metasploit
Mac OS X libxpc MITM Privilege Escalation
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.
by Metasploit
CVSS 7.8
University of Washington IMAP Toolkit 2007f - Command Injection
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
by Metasploit
CVSS 7.5
Unitrends Backup < 10.1.10 - SQL Injection
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
by Metasploit
CVSS 9.8
Linux Nested User Namespace idmap Limit Local Privilege Escalation
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.
by Metasploit
CVSS 7.0
Netgear Devices Unauthenticated Remote Command Execution
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
by Metasploit
CVSS 9.8
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by Metasploit
CVSS 6.6
By Source