Exploitdb Exploits
2,731 exploits tracked across all sources.
HPE Data Protector <7.03_108,8.x<8.15,9.x<9.06 - RCE
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
by Ian Lovering
CVSS 9.8
UI Airmax AC Firmware < 5.6.2 - Path Traversal
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.
by Metasploit
CVSS 9.8
Oracle Application Testing Suite - Unspecified Vuln
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that the UploadFileAction servlet allows remote authenticated users to upload and execute arbitrary files via an * (asterisk) character in the fileType parameter.
by Metasploit
Oracle Application Testing Suite - Info Disclosure
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function, which allows remote attackers to bypass authentication via directory traversal sequences following a URI entry that does not require authentication, as demonstrated by olt/Login.do/../../olt/UploadFileUpload.do.
by Metasploit
Meteocontrol Web'log Basic 100 - Security Feature Bypass
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
by Karn Ganeshen
CVSS 9.4
Dell SonicWall Scrutinizer 11.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.
by Metasploit
Ruby on Rails - Development Web Console (v2) Code Execution (Metasploit)
by Metasploit
ImageMagick <6.9.3-10 & <7.0.1-1 - RCE
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
by Metasploit
CVSS 8.4
Ninja Forms <2.9.42.1 - Code Injection
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
by Metasploit
CVSS 9.8
Apache Struts < 2.3.20.3 - Command Injection
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
by Metasploit
CVSS 8.1
Advantech WebAccess <8.1 - File Upload
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
by Metasploit
CVSS 9.8
PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow (Metasploit)
by Jonathan Smith
Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever (Metasploit)
by Federico Scalco
Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Remote Command Execution (Metasploit)
by Federico Scalco
Symantec Messaging Gateway - Credentials Management
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
by Fakhir Karim Reda
CVSS 7.8
Micro Focus Novell Service Desk <7.2 - Path Traversal
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
by Metasploit
CVSS 7.2
Exim <4.86.2 - Privilege Escalation
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
by Metasploit
CVSS 7.0
Dell KACE K1000 <5.4.76849-5.5.90547 - File Upload
An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible directory, which are later executed through inclusion in backend code that loads files under attacker-controlled paths.
by Metasploit
ExaGrid <4.8 P26 - Privilege Escalation
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.
by Metasploit
CVSS 7.5
PCMan FTP Server - 'PUT' Buffer Overflow (Metasploit)
by Metasploit
Easy File Sharing HTTP Server 7.2 - Remote Overflow (SEH) (Metasploit)
by Metasploit
Apache Jetspeed <2.3.1 - Path Traversal
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."
by Metasploit
CVSS 7.2
Apache Jetspeed Arbitrary File Upload
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
by Metasploit
CVSS 8.8
ATutor 2.2.1 - Directory Traversal / Remote Code Execution (Metasploit)
by Metasploit
PHP Utility Belt - Remote Code Execution (Metasploit)
by Metasploit
By Source