Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-117683 EXPLOITDB c
NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit
by Neil Kettle
CVE-2022-2884 EXPLOITDB CRITICAL python VERIFIED
GitLab CE/EE <15.1.5-15.3.1 - Authenticated RCE
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
by Antonio Francesco Sardella
CVSS 9.9
CVE-2022-48197 EXPLOITDB MEDIUM text VERIFIED
YUI 2000-2800 - Reflected Cross-Site Scripting in Sandbox Examples
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI JavaScript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
by SITE Team
CVSS 6.1
EIP-2026-114416 EXPLOITDB text
XCMS v1.83 - Remote Command Execution (RCE)
by Onurcan
EIP-2026-112471 EXPLOITDB python
SugarCRM 12.2.0 - Remote Code Execution (RCE)
by sw33t.0day
EIP-2026-111510 EXPLOITDB text
Prizm Content Connect v10.5.1030.8315 - XXE
by xhzeem
CVE-2022-41413 EXPLOITDB MEDIUM text
perfSONAR 4.0-4.4.5 - Cross-Site Request Forgery via Search Function
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.
by Ryan Moore
CVSS 4.3
CVE-2021-44790 EXPLOITDB CRITICAL python VERIFIED
Apache HTTP Server < 2.4.52 - Buffer Overflow in mod_lua Multipart Parser
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
by Sunil Iyengar
CVSS 9.8
CVE-2022-44877 EXPLOITDB CRITICAL text
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
by numan türle
CVSS 9.8
CVE-2022-37706 EXPLOITDB HIGH text
Ubuntu Enlightenment Mount Priv Esc
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
by nu11secur1ty
CVSS 7.8
CVE-2021-44228 EXPLOITDB CRITICAL text
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by Chan Nyein Wai
CVSS 10.0
EIP-2026-101756 EXPLOITDB text
GeoVision Camera GV-ADR2701 - Authentication Bypass
by Chan Nyein Wai
CVE-2022-48194 EXPLOITDB HIGH python
TP-Link TL-WR902AC Firmware < 3.0.9.1 - Authenticated Remote Code Execution via Crafted Firmware Update
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.
by Tobias Müller
CVSS 8.8
CVE-2022-44149 EXPLOITDB HIGH python
Nexxt Amp300 ARN02304U8 RCE via Ping Feature JSON Host Field
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required.
by Yerodin Richards
CVSS 8.8
EIP-2026-101313 EXPLOITDB text
Hughes Satellite Router HX200 v8.3.1.14 - Remote File Inclusion
by LiquidWorm
CVE-2022-35543 EXPLOITDB text
ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS)
by Rob_ CTRL Group
CVE-2022-50972 EXPLOITDB CRITICAL text
WooCommerce 7.1.0 Remote Code Execution via class-wc-meta-box-product-images.php
WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers can send requests to the class-wc-meta-box-product-images.php endpoint with unsanitized product-type values to write malicious PHP files to the web root.
by Milad karimi
CVSS 9.8
CVE-2023-53965 EXPLOITDB HIGH text
SOUND4 Server Service 4.1.102 - Privilege Escalation
SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.
by LiquidWorm
CVSS 8.4
CVE-2023-53964 EXPLOITDB CRITICAL text
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - RCE
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control.
by LiquidWorm
CVSS 9.8
CVE-2023-53963 EXPLOITDB CRITICAL text
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Command Injection
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the 'password' POST parameter to execute commands with web server privileges.
by LiquidWorm
CVSS 9.8
CVE-2023-53962 EXPLOITDB HIGH text
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Path Traversal
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with directory traversal sequences to write files to unintended system locations.
by LiquidWorm
CVSS 7.5
CVE-2023-53961 EXPLOITDB MEDIUM text
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - CSRF
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page.
by LiquidWorm
CVSS 4.3
CVE-2023-53960 EXPLOITDB CRITICAL text
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x - SQL Injection
SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potentially gain unauthorized access to the system.
by LiquidWorm
CVSS 9.8
CVE-2023-53955 EXPLOITDB CRITICAL text
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Auth Bypass
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without proper authentication.
by LiquidWorm
CVSS 9.8
CVE-2022-50808 EXPLOITDB HIGH text
CoolerMaster MasterPlus <1.8.5 - Code Injection
CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. Attackers can drop a malicious executable in the service path and trigger code execution during service startup or system reboot.
by Damian Semon Jr
CVSS 8.4