Exploitdb Exploits
2,731 exploits tracked across all sources.
Linux kernel <3.19.0-21.21 - Privilege Escalation
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
by Metasploit
CVSS 7.8
OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)
by Metasploit
Hak5 WiFi Pineapple Firmware - Improper Access Control
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
by Metasploit
CVSS 7.5
Ruby on Rails Dynamic Render File Upload Remote Code Execution
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
by Metasploit
CVSS 7.5
Linux Kernel recvmmsg Privilege Escalation
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
by Metasploit
Allwinner 3.4 Legacy Kernel - Local Privilege Escalation (Metasploit)
by Metasploit
Street Fighter 5 - 'Capcom.sys' Kernel Execution (Metasploit)
by OJ Reeves
Linux Kernel 4.6.3 Netfilter Privilege Escalation
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
by Metasploit
CVSS 7.8
Android <5.1.1 - RCE
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.
by Metasploit
Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)
by Metasploit
Kaltura <11.1.0-2 - Code Injection
A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process.
by Mehmet Ince
Docker Daemon - Local Privilege Escalation (Metasploit)
by Metasploit
NetBSD <7.0 - Local Privilege Escalation
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
by Metasploit
CVSS 7.8
SugarCRM - Unauthenticated Remote Code Execution via PHP Object Injection
A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest_data parameter before passing it to the unserialize() function. This allows an unauthenticated attacker to submit crafted serialized data containing malicious object declarations, resulting in arbitrary code execution within the application context. Although SugarCRM released a prior fix in advisory sugarcrm-sa-2016-001, the patch was incomplete and failed to address some vectors. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-13 UTC.
by Egidio Romano
Phoenix Exploit Kit - Remote Code Execution (Metasploit)
by Metasploit
Phoenix Exploit Kit - Remote Code Execution (Metasploit)
by Metasploit
Microsoft Windows - Fileless UAC Protection Bypass Privilege Escalation (Metasploit)
by Pablo González
VMware Workstation Player < 12.1.1 - Untrusted Search Path
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
by Metasploit
CVSS 7.8
Barracuda Web Application Firewall 8.0.1.008 - (Authenticated) Remote Command Execution (Metasploit)
by xort
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit) (3)
by xort
Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)
by Metasploit
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit)
by xort
Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)
by Mehmet Ince
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit)
by xort