Exploitdb Exploits
31,346 exploits tracked across all sources.
Primasystems Flexair < 2.3.38 - Unrestricted File Upload
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be executed immediately, and they run as root rather than as a web server user, allowing an authenticated attacker to gain full system access.
by LiquidWorm
CVSS 8.8
Optergy Proton/Enterprise - Info Disclosure
Optergy Proton/Enterprise devices allow Username Disclosure.
by LiquidWorm
CVSS 5.3
Optergy Proton/Enterprise - Code Injection
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root.
by LiquidWorm
CVSS 9.8
Optergy Proton/Enterprise - CSRF
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF).
by LiquidWorm
CVSS 8.8
Linear eMerge E3-Series - Path Traversal
Linear eMerge E3-Series devices allow File Inclusion.
by LiquidWorm
CVSS 7.5
Linear eMerge E3-Series - Path Traversal
Linear eMerge E3-Series devices allow File Inclusion.
by LiquidWorm
CVSS 7.5
Linear eMerge E3-Series - CSRF
Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).
by LiquidWorm
CVSS 8.8
Linear eMerge E3-Series - XSS
Linear eMerge E3-Series devices allow XSS.
by LiquidWorm
CVSS 6.1
Computrols Building Automation System < 19.0.0 - XSS
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter.
by LiquidWorm
CVSS 6.1
Computrols Building Automation Software - Information Disclosure
Computrols CBAS 18.0.0 allows Username Enumeration.
by LiquidWorm
CVSS 5.3
Computrols Building Automation Software < 19.0.0 - CSRF
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
by LiquidWorm
CVSS 8.8
Computrols Building Automation Software - Missing Authorization
Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
by LiquidWorm
CVSS 7.5
Adrenalin 5.4.0 - XSS
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter.
by Cy83rl0gger
CVSS 6.1
Adrenalin HRMS 5.4.0 - XSS
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter.
by Cy83rl0gger
CVSS 6.1
Adrenalin HRMS <5.4.0 - XSS
Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'.
by Cy83rl0gger
CVSS 6.1
Prima Systems FlexAir <2.3.38 - RCE
Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site.
by LiquidWorm
CVSS 9.0
Alps HID Monitor Service 8.1.0.10 - Code Injection
Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\Apoint2K\HidMonitorSvc.exe to inject malicious executables and gain system-level access.
by Héctor Gabriel Chimecatl Hernández
CVSS 7.8
GCafé 3.0 - Privilege Escalation
GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.
by 4ll4u
CVSS 7.8
Adobe Acrobat DC < 15.006.30504 - Memory Corruption
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 9.8
Adobe Acrobat DC < 15.006.30504 - Memory Corruption
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 9.8
Apple Iphone OS < 12.4 - Insecure Deserialization
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.
by Google Security Research
CVSS 9.8
SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path
by Carlos A Garcia R
Adaware Web Companion 4.8.2078.3950 - Code Injection
Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Lavasoft\Web Companion\Application\ to inject malicious code that would execute with LocalSystem privileges during service startup.
by Mariela L Martínez Hdez
CVSS 7.8