Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2022-44267 EXPLOITDB MEDIUM text
ImageMagick 7.1.0-49 - Denial of Service via PNG Image Parsing
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
by nu11secur1ty
CVSS 6.5
CVE-2023-0214 EXPLOITDB MEDIUM text
Skyhigh SWG <11.2.6-10.2.17-12.0.1 - XSS
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.
by RedTeam Pentesting GmbH
CVSS 6.1
CVE-2023-23286 EXPLOITDB MEDIUM text
Provide Server 14.4 - Stored Cross-Site Scripting via Login Username Field
A Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server log via the username field of the login form.
by Andreas Finstad
CVSS 6.1
CVE-2023-0493 EXPLOITDB MEDIUM text VERIFIED
BTCPay Server < 1.7.5 - HTML Injection
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
by Manojkumar J
CVSS 5.3
CVE-2019-9193 EXPLOITDB HIGH python
PostgreSQL 9.3-11.2 - Authenticated OS Command Injection via COPY TO/FROM PROGRAM
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
by Paulo Trindade
CVSS 7.2
CVE-2022-44268 EXPLOITDB MEDIUM text
ImageMagick 7.1.0-49 - Info Disclosure
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it).
by Cristian Giustini
CVSS 6.5
CVE-2022-29885 EXPLOITDB HIGH python
Apache Tomcat 8.5.38-8.5.78 and 10.1.0-M1-10.1.0-M14 - Denial of Service via EncryptInterceptor
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
by Cristian Giustini
CVSS 7.5
CVE-2023-24626 EXPLOITDB MEDIUM python
GNU Screen < 4.9.0 - Denial of Service via Privileged SIGHUP Signal
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
by Manuel Andreas
CVSS 6.5
CVE-2021-33990 EXPLOITDB CRITICAL python
Liferay Portal 6.2.5 - OS Command Injection via File Upload Request
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows frmfolders.html is accessible and does not demonstrate how an unauthorized user can upload a file.
by Fu2x2000
CVSS 9.8
CVE-2022-28598 EXPLOITDB MEDIUM text
Frappe ERPNext 12.29.0 - Stored Cross-Site Scripting
Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users.
by Patrick Dean Ramos / Nathu Nandwani / Junnair Manla
CVSS 6.1
CVE-2020-5330 EXPLOITDB HIGH python
Dell EMC Networking X-Series <3.0.1.2, PC5500 <4.1.0.22, PowerEdge VRTX Switch Modules <2.0.0.77 - Info Disclosure
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.
by Ken Pyle
CVSS 8.1
CVE-2022-46552 EXPLOITDB HIGH text
D-Link DIR-846 FW100A53DBR - Remote Command Execution via lan_dhcps_staticlist
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.
by Françoa Taffarel
CVSS 8.8
CVE-2023-0744 EXPLOITDB CRITICAL python VERIFIED
answerdev/answer < 1.0.4 - Account Takeover via Improper Access Control
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
by Eduardo Pérez-Malumbres Cervera
CVSS 9.8
CVE-2023-54353 EXPLOITDB HIGH text
Chromacam 4.0.3.0 Unquoted Service Path Privilege Escalation
Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files (x86)\Personify\ can place a malicious Program.exe or PsyFrameGrabberService.exe file that executes with LocalSystem privileges when the service starts automatically at boot.
by Laguin Benjamin
CVSS 7.8
CVE-2023-54349 EXPLOITDB MEDIUM text
AmazCart CMS 3.4 Reflected Cross-Site Scripting via Search
AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when search history is viewed or results are displayed.
by Sajibe Kanti
CVSS 6.1
CVE-2023-54348 EXPLOITDB HIGH text
ERPGo SaaS 3.9 CSV Injection via Vendor Creation
ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas like =10+20+cmd|' /C calc'!A0 in the vendor creation form, which execute when the exported CSV file is opened in spreadsheet applications.
by Sajibe Kanti
CVSS 8.8
CVE-2023-53985 EXPLOITDB MEDIUM text
Zippy CRM 6.5.4 - Reflected Cross-Site Scripting via Unvalidated Input Parameters
Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in the victim's browser context.
by nu11secur1ty
CVSS 6.1
CVE-2023-53984 EXPLOITDB HIGH text
Clevo HotKey Clipboard 2.1.0.6 - Code Injection
Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing malicious executables in specific file system locations.
by Wim Jaap van Vliet
CVSS 8.4
CVE-2023-53979 EXPLOITDB HIGH python
MyBB 1.8.32 - Authenticated Remote Code Execution via Chained Avatar Upload and Language Configuration
MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration editing interface.
by lUc1f3r11
CVSS 8.8
CVE-2023-21752 EXPLOITDB HIGH text
Windows Backup Service - Privilege Escalation
Windows Backup Service Elevation of Privilege Vulnerability
by nu11secur1ty
CVSS 7.1
EIP-2026-117488 EXPLOITDB text
Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path
by Milad karimi
EIP-2026-117253 EXPLOITDB python
Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow
by Knursoft
EIP-2026-114729 EXPLOITDB c
Solaris 10 libXm - Buffer overflow Local privilege escalation
by Marco Ivaldi
CVE-2022-31161 EXPLOITDB CRITICAL text
Roxy-WI <6.1.1.0 - Command Injection
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for this issue.
by Nuri Çilengir
CVSS 10.0
CVE-2022-31126 EXPLOITDB CRITICAL text VERIFIED
Roxy-wi < 6.1.1.0 - Unauthenticated Remote Code Execution via /app/options.py
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to achieve code execution by sending a specially crafted HTTP request to the /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
by Nuri Çilengir
CVSS 10.0