Exploitdb Exploits
31,329 exploits tracked across all sources.
Mozilla Firefox < 55.0 - Improper Input Validation
If a long user name is used in a username/password combination in a site URL (such as " http://UserName:[email protected]"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55.
by Amit Sangra
CVSS 7.5
Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection
by hyp3rlinx
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities
by SEC Consult
Xen < 4.9.0 - Denial of Service
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
by Google Security Research
CVSS 8.8
Apache Solr < 5.5.4 - XXE
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
by Michael Stepankin & Olga Barinova
CVSS 9.8
Microsoft Windows <10.0 - Privilege Escalation
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".
by Google Security Research
CVSS 6.7
Squid Analysis Report Generator 2.3.10 - Remote Code Execution
by Pavel Suprunyuk
Apple iOS <11, tvOS <11 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition.
by Google Security Research
CVSS 8.1
3cx - Path Traversal
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
by Jens Regel
CVSS 6.5
Webmin < 1.850 - XSS
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name='cmd' input element.
by hyp3rlinx
CVSS 6.1
Logitech Media Server - XSS
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.
by Thiago Sena
CVSS 6.1
TYPO3 Extension Restler 1.7.0 - Local File Disclosure
by CrashBandicot
phpMyFAQ <2.9.8 - XSS
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
by Ishaq Mohammed
CVSS 6.1
Alienvault Unified Security Management < 5.4.2 - CSRF
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address (either in PDF or XLS format). Since there is no anti-CSRF token protecting this functionality, it is vulnerable to Cross-Site Request Forgery attacks.
by Julien Ahrens
CVSS 5.7
Softwarepublico E-sic - SQL Injection
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).
by Elber Tavares
CVSS 9.8
Softwarepublico E-sic - XSS
XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.
by Elber Tavares
CVSS 6.1
Softwarepublico E-sic - SQL Injection
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.
by Elber Tavares
CVSS 9.8
Softwarepublico E-sic - SQL Injection
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).
by Elber Tavares
CVSS 8.8
By Source