Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2021-47751 EXPLOITDB HIGH text
Rich Text Editor < 6.6 - Path Traversal and Arbitrary File Write via ServerMapPath Function
CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath() function by renaming uploaded HTML files using directory traversal sequences to write files outside the intended template directory.
by Stefan Hesselman
CVSS 7.5
CVE-2004-2466 EXPLOITDB python
Easy Chat Server 1.2 and 2.2 - Denial of Service via Long Username Parameter
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.
by r00tpgp
CVE-2022-2552 EXPLOITDB MEDIUM text VERIFIED
Duplicator < 1.4.7.1 - Information Disclosure
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, PHP version and full file system path to the site.
by SecuriTrust
CVSS 5.3
CVE-2022-2551 EXPLOITDB HIGH text
Duplicator <1.4.7 - Info Disclosure
The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.
by SecuriTrust
CVSS 7.5
CVE-2022-36446 EXPLOITDB CRITICAL python
Webmin < 1.997 - Remote Code Execution via Unescaped UI Command
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
by Emir Polat
CVSS 9.8
CVE-2022-34046 EXPLOITDB HIGH text
Wavlink WN533A8 M33A8.V5030.190716 - Info Disclosure
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].
by Ahmed Alroky
CVSS 7.5
CVE-2022-34048 EXPLOITDB MEDIUM text
Wavlink WN533A8 M33A8.V5030.190716 - XSS
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.
by Ahmed Alroky
CVSS 6.1
CVE-2022-34047 EXPLOITDB HIGH text
Wavlink WN530HG4 M30HG4.V5030.191116 - Info Disclosure
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].
by Ahmed Alroky
CVSS 7.5
CVE-2022-50899 EXPLOITDB MEDIUM text
GeoNetwork 3.10-4.2.0 - XML External Entity Injection via PDF Rendering
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests.
by Amel BOUZIANE-LEBLOND
CVSS 6.5
CVE-2022-2473 EXPLOITDB MEDIUM text
WP-UserOnline <= 2.87.6 - Authenticated Stored Cross-Site Scripting via browsingpage text Parameter
The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'templates[browsingpage][text]' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled.
by Steffin Stanly
CVSS 5.5
CVE-2022-35899 EXPLOITDB HIGH text
ASUSTeK Aura Ready Game SDK <1.0.0.4 - Privilege Escalation
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.
by Angelo Pio Amirante
CVSS 7.8
CVE-2022-35411 EXPLOITDB CRITICAL python
rpc.py < 0.6.0 - Unauthenticated Remote Code Execution via Pickle Deserialization
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.
by Elias Hohl
CVSS 9.8
CVE-2022-29593 EXPLOITDB MEDIUM python
Dingtian DT-R002 3.1.276A - Unauthenticated Authentication Bypass via HTTP Request Replay
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP POST requests without the need for authentication or a valid signed/authorized request.
by Victor Hanna
CVSS 5.9
EIP-2026-101580 EXPLOITDB text
Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal
by LiquidWorm
EIP-2026-101434 EXPLOITDB powershell
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) - Remote Code Execution
by LiquidWorm
EIP-2026-114179 EXPLOITDB text
WordPress Plugin Visual Slide Box Builder 3.2.9 - SQLi
by nu11secur1ty
CVE-2020-37247 EXPLOITDB HIGH text
Kite 4.2.0.1 U1 Unquoted Service Path Privilege Escalation
Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem privileges when the service starts.
by Ghaleb Al-otaibi
CVSS 7.8
CVE-2022-24562 EXPLOITDB CRITICAL python
IOBit IOTransfer 4.3.1.1561 - Unauthenticated Arbitrary File Read/Write via Airserv API
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.
by Tomer Peled
CVSS 9.8
EIP-2026-117073 EXPLOITDB text
Dr. Fone 4.0.8 - 'net_updater32.exe' Unquoted Service Path
by Esant1490
CVE-2022-33098 EXPLOITDB MEDIUM text
Magnolia CMS 6.2.19 - Stored Cross-Site Scripting via Edit Contact Function
Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
by Giulio Garzia Ozozuz
CVSS 6.1
CVE-2022-31854 EXPLOITDB HIGH python
Codoforum 5.1 - Authenticated Arbitrary File Upload via Admin Logo Change
Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.
by Krish Pandey
CVSS 7.2
CVE-2021-36711 EXPLOITDB CRITICAL python
OctoBot < 0.4.4 - Remote Code Execution via Tentacles Upload
WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.
by Samy Younsi
CVSS 9.8
CVE-2021-23017 EXPLOITDB HIGH python
nginx 0.6.18-1.20.0 - Denial of Service via DNS Resolver Off-by-one Error
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
by Mohammed Alshehri
CVSS 7.7
CVE-2022-3218 EXPLOITDB CRITICAL python VERIFIED
Necta WiFi Mouse Server - Remote Code Execution via Client-Side Authentication Bypass
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
by RedHatAugust
CVSS 9.8
CVE-2022-50908 EXPLOITDB HIGH text
Mailhog 1.0.1 - Stored Cross-Site Scripting via Email Attachment
Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation.
by Vulnz
CVSS 7.2