Exploitdb Exploits
2,731 exploits tracked across all sources.
Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit)
by xort
Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit)
by Mehmet Ince
Riverbed SteelCentral NetProfiler & NetExpress <10.8.7 - RCE
An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/common/1.0/login' endpoint can be exploited to create a new user account in the appliance database. This user can then trigger a command injection vulnerability in the '/index.php?page=licenses' endpoint to execute arbitrary commands. The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the 'mazu' user to execute arbitrary commands as root via SSH key extraction and command chaining. Successful exploitation allows full remote root access to the virtual appliance.
by Metasploit
MS16-032 Secondary Logon Handle Privilege Escalation
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
by Metasploit
CVSS 7.8
Tikiwiki Cms/groupware < 15.1 - Missing Authentication
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The vulnerable component does not enforce file type validation, allowing attackers to craft a POST request to upload executable PHP payloads through the ELFinder interface exposed at /vendor_extra/elfinder/.
by Mehmet Ince
CVSS 9.8
Microsoft Windows 10 - Access Control
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
by Metasploit
CVSS 7.8
Debian Linux < 3.2.22.1 - Improper Input Validation
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
by Metasploit
CVSS 7.3
Nagios XI Chained - Remote Code Execution (Metasploit)
by Metasploit
Wolfcms Wolf Cms < 0.8.3 - Improper Input Validation
Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.
by s0nk3y
CVSS 8.8
PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit)
by quanyechavshuo
Wolfcms Wolf Cms < 0.8.3 - Improper Input Validation
Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality.
by s0nk3y
CVSS 8.8
DarkComet Server - Arbitrary File Download (Metasploit)
by Jos Wetzels
Tomabo MP4 Player 3.11.6 - Local Stack Overflow (SEH) (Metasploit)
by s0nk3y
op5 7.1.9 - Configuration Command Execution (Metasploit)
by Metasploit
Bomgar Remote Support < 14.3.2 - Code Injection
Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts.
by Markus Wulftange
Apache Continuum - Arbitrary Command Execution (Metasploit)
by Metasploit
Dell OpenManage Server Administrator 8.3 - XML External Entity
by hantwister
Poison Ivy 2.1.x (C2 Server) - Remote Buffer Overflow (Metasploit)
by Jos Wetzels
Poison Ivy 2.1.x (C2 Server) - Remote Buffer Overflow (Metasploit)
by Jos Wetzels
Apache Struts < 2.3.20.3 - Improper Input Validation
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
by Metasploit
CVSS 9.8
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
by Metasploit
CVSS 9.8
IPFire - 'proxy.cgi' Remote Code Execution (Metasploit)
by Metasploit
By Source