Exploitdb Exploits
2,689 exploits tracked across all sources.
Netsia SEBA+ <0.16.1 build 70-e669dcd7 - Info Disclosure
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and can then use that cookie immediately for admin access,
by AkkuS
CVSS 7.5
Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)
by SunCSR Team
WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)
by SunCSR Team
Apache Flink JobManager Traversal
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
by SunCSR Team
CVSS 7.5
TerraMaster Operating System <= 4.2.06 - Unauthenticated Remote Code Execution via Event Parameter in makecvs.php
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
by AkkuS
CVSS 9.8
WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Metasploit)
by SunCSR Team
Webmin <= 1.962 - Authenticated Remote Command Execution via Package Updates Module
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
by AkkuS
CVSS 8.8
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)
by SunCSR Team
ZeroShell 3.9.0 - Unauthenticated Remote Command Execution via HTTP Parameter Injection
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
by Giuseppe Fuggiano
CVSS 9.8
Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)
by ZwX
Bludit 3.9.2 - Authentication Bruteforce Bypass (Metasploit)
by Aporlorxl23
Apache Tomcat 7.0.0-7.0.99, 8.5.0-8.5.50, 9.0.0.M1-9.0.0.30 - Remote Code Execution via AJP File Read and JSP Processing
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
by SunCSR
CVSS 9.8
Citrix ADC NetScaler - Local File Inclusion (Metasploit)
by RAMELLA Sebastien
ASUS TM-AC1900 - Arbitrary Command Execution (Metasploit)
by b1ack0wl
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass via X-Forwarded-For Header
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
by Alexandre ZANNI
CVSS 9.8
Rails < 5.0.1 - Remote Code Execution via Render Locals Argument
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
by Lucas Amorim
CVSS 8.8
Trend Micro InterScan Web Security Virtual Appliance 6.5 - RCE
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.
by Mehmet Ince
CVSS 8.8
MyLittleAdmin 3.8 - Unauthenticated Remote Code Execution via Hardcoded MachineKey
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
by Metasploit
CVSS 9.8
Synology DiskStation Manager < 5.2-5967-5 - Authenticated Command Injection via smart.cgi Disk Field
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
by Metasploit
CVSS 8.8
Oracle Coherence 3.7.1.0/12.1.3.0.0/12.2.1.3-4 - RCE
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Metasploit
CVSS 9.8
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
by Metasploit
CVSS 8.8
Apache Shiro < 1.2.5 - Remote Code Execution via Remember Me Feature
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
by Metasploit
CVSS 9.8
Docker Desktop Community Edition < 2.1.0.1 - Privilege Escalation via Trojan Horse docker-credential-wincred.exe
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
by Metasploit
CVSS 7.8
Zen Load Balancer 3.10.1 - Directory Traversal (Metasploit)
by Dhiraj Mishra
unraid 6.8.0 - Authentication Bypass
Unraid 6.8.0 allows authentication bypass.
by Metasploit
CVSS 7.5
By Source