Metasploit Exploits

3,189 exploits tracked across all sources.

CVE-2018-17934 METASPLOIT CRITICAL ruby
Nuuo Cms < 3.3 - Path Traversal
In NUUO CMS, all versions 3.3 and prior, the application allows external input to construct a pathname that can be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code.
by Pedro Ribeiro
CVSS 9.8
CVE-2025-49136 METASPLOIT CRITICAL ruby
listmonk <5.0.2 - Info Disclosure
listmonk is a standalone, self-hosted newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions, which are enabled by default in Sprig, allow environment variables on the host to be captured. While this may not be a problem on single-user (super admin) installations, on multi-user installations it allows non-super-admin users with campaign or template permissions to use the `{{ env }}` template expression to capture sensitive environment variables. Users should upgrade to v5.0.2 to mitigate the issue.
by Tarek Nakkouch
CVSS 9.0
CVE-2023-26360 METASPLOIT HIGH ruby
Adobe ColdFusion <2018 Update 15, 2021 Update 5 - RCE
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
by sf
CVSS 8.6
CVE-2018-10094 METASPLOIT CRITICAL ruby
Dolibarr <7.0.2 - SQL Injection
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
by Issam Rabhi, Kevin Locati, Shelby Pace
CVSS 9.8
CVE-2023-5612 METASPLOIT MEDIUM ruby
Gitlab < 16.6.6 - Missing Authorization
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
by n00bhaxor, erruquill
CVSS 5.3
CVE-2020-11652 METASPLOIT MEDIUM ruby
Salt < 2019.2.4 - Path Traversal
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
by F-Secure, wvu
CVSS 6.5
CVE-2014-0644 METASPLOIT ruby
EMC Cloud Tiering Appliance Software - Information Disclosure
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
CVE-2020-3952 METASPLOIT CRITICAL ruby
VMware vCenter Server vmdir Information Disclosure
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
by Hynek Petrak, wvu
CVSS 9.8
CVE-2023-27856 METASPLOIT HIGH ruby
ThinManager Path Traversal (CVE-2023-27856) Arbitrary File Download
In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.
by Michael Heinzl, Tenable
CVSS 7.5
CVE-2010-4804 METASPLOIT ruby
Android <2.3.4 - Info Disclosure
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.
by Thomas Cannon, jduck
CVE-2013-3522 METASPLOIT ruby
Vbulletin - SQL Injection
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
by Orestis Kourides, sinn3r, juan vazquez
CVE-2020-12720 METASPLOIT CRITICAL ruby
vBulletin <5.5.6pl1, <5.6.0pl1, <5.6.1pl1 - Privilege Escalation
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
CVSS 9.8
CVE-1999-0532 METASPLOIT ruby
DNS Server - SSRF
A DNS server allows zone transfers.
CVE-2025-13315 METASPLOIT CRITICAL ruby
Twonky Server Log Leak Authentication Bypass
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
by remmons-r7
CVSS 9.8
CVE-2018-17888 METASPLOIT CRITICAL ruby
NUUO CMS <3.1 - RCE
In NUUO CMS, all versions 3.1 and prior, the application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.
by Pedro Ribeiro
CVSS 9.8
CVE-2024-23897 METASPLOIT CRITICAL ruby
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
by h00die, Yaniv Nizry, binganao, h4x0r-dz, Vozec
CVSS 9.8
CVE-2014-6041 METASPLOIT ruby
Android Browser RCE Through Google Play Store XFO
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser.
by Rafay Baloch, joev
CVE-2016-2055 METASPLOIT HIGH ruby
Xymon Daemon Gather Information
xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote attackers to read arbitrary files in the configuration directory via a "config" command.
by Markus Krell, bcoles
CVSS 7.5
CVE-2020-11532 METASPLOIT CRITICAL ruby
ManageEngine ADAudit Plus Xnode Enumeration
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user.
by Sahil Dhar, Erik Wynter
CVSS 9.8
CVE-2018-14058 METASPLOIT MEDIUM ruby
Pimcore <5.3.0 - SQL Injection
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
by Thongchai Silpavarangkura, N. Rai-Ngoen, Shelby Pace
CVSS 6.5
CVE-2014-7981 METASPLOIT ruby
Joomla! - SQL Injection
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2018-4993 METASPLOIT HIGH ruby
Adobe Acrobat DC < 15.006.30417 - Information Disclosure
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure.
by Assaf Baharav, Yaron Fruchtmann, Ido Solomon, Richard Davy - secureyourit.co.uk
CVSS 7.5
CVE-2018-10583 METASPLOIT HIGH ruby
LibreOffice 6.0.3 - Apache OpenOffice Writer 4.1.5 - Info Disclosure
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
CVSS 7.5
CVE-2002-1473 METASPLOIT ruby
HP-UX <11.11 - Buffer Overflow
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
by hdm
CVE-2005-2852 METASPLOIT ruby
Novell Netware - DoS
Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.
by toto