Exploitdb Exploits
2,689 exploits tracked across all sources.
SolarWinds LEM 6.3.1 - Remote Code Execution (Metasploit)
by Mehmet Ince
IBM Sterling B2B Integrator - Remote Code Execution via Apache Commons Collections Deserialization
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
by Metasploit
CVSS 9.8
GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution
by iblue
Apache Struts 2.3.x < 2.3.32 and 2.5.x < 2.5.10.1 - Remote Code Execution via Jakarta Multipart Parser
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
by Metasploit
CVSS 9.8
NETGEAR D6220/D6400/R6250/R6400/R6700/R6900/R7000/R7100LG/R7300DST/R7900/R8000 Firmware - Remote Code Execution
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
by Metasploit
CVSS 8.8
SysGauge 1.5.18 - SMTP Validation Buffer Overflow (Metasploit)
by Metasploit
MVPower TV-7104HE and TV7108HE Firmware - Unauthenticated Remote Code Execution via Web Shell
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE" because of the easily identifying HTTP response server field. Other firmware versions, at least from 2014 through 2019, can be affected. This was exploited in the wild in 2017 through 2022.
by Metasploit
CVSS 9.8
Geutebruck IP Camera G-Cam/EFD-2250 <1.11.0.12 - Command Injection
An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution.
by RandoriSec
CVSS 9.8
Geutebruck IP Camera G-Cam/EFD-2250 <1.11.0.12 - Auth Bypass
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution.
by RandoriSec
CVSS 9.8
Piwik 2.14.0/2.16.0/2.17.1/3.0.1 - Superuser Plugin Upload (Metasploit)
by Metasploit
HPE Smart Storage Administrator <2.60.18.0 - RCE
A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.
by MaKyOtOx
CVSS 8.8
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)
by Harsh Jaiswal
AlienVault OSSIM & USM <5.3.2 - Code Injection
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
by Mehmet Ince
CVSS 9.8
SVG Animation - Use After Free
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
by Metasploit
CVSS 7.5
Geutebrueck Gcore <1.4.2.37 - Buffer Overflow
Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.
by Maurice Popp
CVSS 9.8
Disk Savvy Enterprise - GET Buffer Overflow (Metasploit)
by Metasploit
Disk Savvy Enterprise - GET Buffer Overflow (Metasploit)
by Metasploit
Pagekit < 1.0.11 - Unauthenticated Password Reset via Debug Toolbar
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
by Saurabh Banawar
CVSS 7.5
DiskBoss Enterprise - GET Buffer Overflow (Metasploit)
by Metasploit
Trend Micro InterScan Messaging Security (Virtual Appliance) < 9.1.-1600 - Remote Code Execution (Metasploit)
by Mehmet Ince
Cisco Firepower Mgmt Cntr <6.0.1 - RCE
The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.
by Metasploit
CVSS 8.8
Android get_user/put_user Exploit
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
by Metasploit
CVSS 8.8
SonicWall Secure Remote Access Server 8.1.0.2-14sv - Remote Command Injection
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195.
by xort
CVSS 9.8
SonicWall Secure Remote Access Server 8.1.0.2-14sv - Remote Command Injection via viewcert CGI
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.
by xort
CVSS 9.8
NETGEAR WNR2000v5 Firmware < 1.0.0.34 - Unauthenticated Sensitive Information Exposure via BRS_netgear_success.html
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions.
by Pedro Ribeiro
CVSS 9.8
By Source