Exploitdb Exploits
50,076 exploits tracked across all sources.
MiniDVBLinux < 5.4 - Unauthenticated Remote Code Execution via SVDRP Protocol
MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsend.sh script to execute messages and potentially control the video disk recorder remotely.
by LiquidWorm
CVSS 9.8
MiniDVBLinux < 5.4 - Unauthenticated Live Stream Snapshot Generation via tv_action.sh
MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tv_action.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg without authentication.
by LiquidWorm
CVSS 5.3
MiniDVBLinux 5.4 - Arbitrary File Read via About Page File Parameter
MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device.
by LiquidWorm
CVSS 7.5
MiniDVBLinux 5.4 - Unauthenticated Root Password Change via System Setup Endpoint
MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.
by LiquidWorm
CVSS 9.8
MiniDVBLinux 5.4 - Unauthenticated Sensitive Configuration Download via Backup Endpoint
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to retrieve a complete system configuration archive containing sensitive credentials.
by LiquidWorm
CVSS 7.5
MiniDVBLinux <5.4 - Command Injection
An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-04-10 UTC.
by LiquidWorm
CVSS 9.8
Webgrind < 1.1 - Unauthenticated Reflected Cross-Site Scripting via File Parameter
Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary JavaScript in victim's browsers by crafting malicious URLs.
by Rafael Pedrero
CVSS 6.1
webgrind < 1.1 - Unauthenticated Remote Command Execution via dataFile Parameter
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27' to execute commands on the target system.
by Rafael Pedrero
CVSS 9.8
Tftpd32 SE 4.60 - Unquoted Service Path Privilege Escalation
Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level permissions.
by Ismael Nava
CVSS 8.4
Sysax Multi Server 6.95 - Denial of Service via Administrative Password Field Overflow
Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality.
by Luis Martínez
CVSS 9.1
Mediconta 3.7.27 - Privilege Escalation
Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\medicont3\ to inject malicious code that would execute with LocalSystem permissions during service startup.
by Luis Martínez
CVSS 8.4
eXtplorer < 2.1.14 - Unauthenticated Authentication Bypass and Remote Code Execution
eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system.
by ErPaciocco
CVSS 9.8
Explorer++ 1.3.5.531 - Buffer Overflow via Long File Name Argument
Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler (SEH) records that allows attackers to execute arbitrary code. Attackers can exploit the vulnerability by providing a long file name argument over 396 characters to corrupt the SEH chain and potentially execute malicious code.
by Rafael Pedrero
CVSS 9.8
Gestionale Open 12.00.00 - 'DB_GO_80' Unquoted Service Path
by Luis Martínez
Grafana < 6.2.5 - Cross-Site Scripting via Panel Drilldown Link Title or URL Field
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
by SimranJeet Singh
CVSS 5.4
ZoneMinder < 1.36.27 - Log Injection via /zm/index.php Endpoint
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the "/zm/index.php" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue.
by Trenches of IT
CVSS 5.4
Zentao Project Management System 17.0 - Authenticated Remote Code Execution (RCE)
by mister0xf
WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities
by Rafael Pedrero
By Source