Exploitdb Exploits
2,731 exploits tracked across all sources.
Discourse < 3.1.1 - Information Disclosure
Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
by İbrahimsql
CVSS 7.5
Windows Kernel - Privilege Escalation
Windows Kernel Elevation of Privilege Vulnerability
by E1 Coders
CVSS 7.8
Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)
by Emir Polat
Netgate pfSense <2.7.0 - Command Injection
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
by Emir Polat
CVSS 8.8
Flexense SyncBreeze Enterprise <10.6.24 - Memory Corruption
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.
by Ege Balci
CVSS 7.5
Seagate Stcg2000300 Firmware - OS Command Injection
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.
by Ege Balci
CVSS 9.8
HospitalRun 1.0.0-beta - Local Root Exploit for macOS
by Jean Pereira
Gitea <1.16.7 - Info Disclosure
Gitea before 1.16.7 does not escape git fetch remote.
by samguy
CVSS 7.5
GitHub alextselegidis/easyappointments <1.4.3 - Info Disclosure
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
by Alexandre ZANNI
CVSS 9.1
Microweber CMS 1.2.10 - Local File Inclusion (Authenticated) (Metasploit)
by Talha Karakumru
Strapi CMS Unauthenticated Password Reset
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
by WackyH4cker
CVSS 9.8
Servisnet Tessa 0.0.2 - Info Disclosure
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.
by AkkuS
CVSS 7.5
Servisnet Tessa - IDOR
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.
by AkkuS
CVSS 9.8
Servisnet Tessa 0.0.2 - Info Disclosure
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.
by AkkuS
CVSS 7.5
Servisnet Tessa - IDOR
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.
by AkkuS
CVSS 9.8
Servisnet Tessa - Authentication Bypass
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.
by AkkuS
CVSS 9.8
Salesagility Suitecrm < 7.11.19 - Unrestricted File Upload
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.
by M. Cory Billington
CVSS 8.8
Ericsson Network Location <2021-07-31 - Command Injection
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created.
by AkkuS
CVSS 8.8
Ericsson Network Location <2021-07-31 - Command Injection
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created.
by AkkuS
CVSS 8.8
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43339. Reason: This candidate is a duplicate of CVE-2021-43339. Notes: All CVE users should reference CVE-2021-43339 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
by AkkuS
Movable Type <7 r.5002 - RCE
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.
by Charl-Alexandre Le Brun
CVSS 9.8
OpenEMR <5.0.1.4 - Code Injection
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
by Alexandre ZANNI
CVSS 8.8
OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated) (2)
by Alexandre ZANNI
Lightweight facebook-styled blog 1.3 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
by Maide Ilkay Aydogdu
By Source