Metasploit Exploits
3,294 exploits tracked across all sources.
Multiple Camera Devices - Command Injection
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
by Titouan Lazard, Ibrahim Ayadhi, Sébastien Charbonnier
CVSS 7.2
Multiple Camera Devices - Command Injection
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
by Titouan Lazard, Ibrahim Ayadhi, Sébastien Charbonnier
CVSS 7.2
Multiple Camera Devices - Command Injection
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
by Titouan Lazard, Ibrahim Ayadhi, Sébastien Charbonnier
CVSS 7.2
Multiple Camera Devices - Info Disclosure
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.
by Titouan Lazard, Ibrahim Ayadhi, Sébastien Charbonnier
CVSS 9.8
Multiple Camera Devices - Command Injection
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
by Titouan Lazard, Ibrahim Ayadhi, Sébastien Charbonnier
CVSS 7.2
Fortinet FortiWeb unauthenticated RCE
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
by Defused, sfewer-r7
CVSS 9.8
D-Tale RCE
man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server.
by taiphung217, Takahiro Yokoyama
CVSS 9.8
Cisco IMC Supervisor/UCS Director - Authenticated RCE via Web Interface
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface.
CVSS 7.2
Cisco RV320 and RV325 Firmware 1.4.2.15-1.4.2.21 - Authenticated Remote Code Execution via HTTP POST Request
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.
by RedTeam Pentesting GmbH, Philip Huppert, Benjamin Grap
CVSS 7.2
Cisco HyperFlex HX Data Platform < 4.0(2e) - Unauthenticated OS Command Injection
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
by Nikita Abramov, Mikhail Klyuchnikov, wvu
CVSS 9.8
Centreon 2.5.1 and Centreon Enterprise Server 2.2 - Remote Code Execution via session_id or template_id Parameter
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
by MaZ, juan vazquez
Axis IP Cameras - Access Control Bypass
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
by Or Peles, wvu, sinn3r, Brent Cook, Jacob Robles, Matthew Kienow, Shelby Pace, Chris Lee, Cale Black
CVSS 9.8
Axis IP Cameras - Exposed Insecure Interface
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
by Or Peles, wvu, sinn3r, Brent Cook, Jacob Robles, Matthew Kienow, Shelby Pace, Chris Lee, Cale Black
CVSS 9.8
ATutor 2.2.1 - SQL Injection via searchFriends Function
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
CVSS 9.8
Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
by Max0x4141
CVSS 8.8
Apache CouchDB < 1.7.0 and 2.x < 2.1.1 - Authenticated OS Command Injection via Configuration Options
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
by Max Justicz, Joan Touzet
CVSS 7.2
Apache Airflow < 1.10.11 - Unauthenticated Remote Code Execution via Experimental API
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default
by xuxiang, Pepe Berba, Ismail E. Dawoodjee
CVSS 9.8
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
by Stephane Chazelas, wvu, lcamtuf
CVSS 9.8
phpMyAdmin < 3.1.3.2 - Remote Code Injection via ConfigFile.class.php
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.
by Greg Ose, pagvac, egypt, Tenable, g0tmi1k
XAMPP < 1.7.3 - Authenticated Remote Code Execution via WebDAV PHP Upload
A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server.
by theLightCosine, g0tmi1k
Camaleon CMS 2.8.0-2.8.1 - Authenticated Path Traversal via MediaController Download
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
by Peter Stockli, Goultarde, bootstrapbool
CVSS 7.7
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by Orange Tsai, mekhalleh (RAMELLA Sébastien)
CVSS 9.1
SaltStack Salt <2019.2.4,3000.2 - RCE
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
by F-Secure, wvu
CVSS 9.8
QNAP Photo Station - Info Disclosure
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
by Henry Huang
CVSS 9.8
QNAP Photo Station - Path Traversal
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
by Henry Huang
CVSS 9.8
By Source