Exploitdb Exploits
2,731 exploits tracked across all sources.
Polycom Shell HDX Series - Traceroute Command Execution (Metasploit)
by Metasploit
Arq <5.10 - Privilege Escalation
The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.
by Mark Wadham
CVSS 7.8
Apple <macOS High Sierra - Privilege Escalation
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.
by Metasploit
CVSS 8.1
pfSense - (Authenticated) Group Member Remote Command Execution (Metasploit)
by Metasploit
D-Link DIR-850L - OS Command Execution (Metasploit)
by Metasploit
Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
by 0xFFFFFF
CVSS 8.8
Mako Server 2.5-2.6 - Command Injection
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute() code, which is then persisted on disk and triggered via a subsequent GET request to examples/manage.lsp. This allows remote command execution on the underlying operating system, impacting both Windows and Unix-based deployments.
by Metasploit
Apple Mac OS X - Command Injection
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
by Metasploit
Netgear Dgn1000 Firmware < 1.1.00.48 - Missing Authentication
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.
by Metasploit
CVSS 9.8
Polycom Hdx System Software < 3.0.5 - Hard-coded Credentials
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.
by Metasploit
CVSS 9.8
Unitrends UEB http api remote code execution
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.
by Metasploit
CVSS 9.8
Unitrends UEB bpserverd authentication bypass RCE
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
by Metasploit
CVSS 9.8
Apache Tomcat < 7.0.82 - Unrestricted File Upload
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
by Metasploit
CVSS 8.1
Flexense SyncBreeze Enterprise <10.1.16 - Buffer Overflow
There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows SYSTEM account.
by wetw0rk
CVSS 7.8
Trendmicro Officescan - Improper Input Validation
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
by Mehmet Ince
CVSS 9.8
Trend Micro InterScan Messaging Security (Virtual Appliance) - 'Proxy.php' Remote Code Execution (Metasploit)
by Mehmet Ince
OrientDB 2.2.2 < 2.2.22 - Remote Code Execution (Metasploit)
by Metasploit
Rancher Server - Docker Daemon Code Execution (Metasploit)
by Metasploit
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
by Metasploit
CVSS 9.8
Lcds Laquis Scada < 4.1.0.3237 - Path Traversal
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
by James Fitts
CVSS 5.3
NodeJS Debugger - Command Injection (Metasploit)
by Metasploit
Supervisor XML-RPC Authenticated Remote Code Execution
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
by Metasploit
CVSS 8.8
Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow (Metasploit)
by Metasploit
DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit)
by Mehmet Ince
Lockstep Backup for Workgroups 4.0.3 - Remote Buffer Overflow (Metasploit)
by James Fitts
By Source