Exploitdb Exploits
50,076 exploits tracked across all sources.
PostgreSQL 9.3-11.2 - Authenticated OS Command Injection via COPY TO/FROM PROGRAM
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
by b4keSn4ke
CVSS 7.2
Kramer VIAware 2.5.0719.1034 - Incorrect Access Control
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.
by sharkmoos
CVSS 9.8
WordPress Plugin amministrazione-aperta 3.7.3 Local File Read
WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to include and read sensitive files accessible to the web server.
by Hassan Khan Yusufzai
CVSS 6.2
ProtonVPN 1.26.0 - Unquoted Service Path Privilege Escalation via WireGuard Configuration
ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privileges during service startup.
by gemreda
CVSS 7.8
Pluck CMS 4.7.15 - Cross-Site Request Forgery
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover.
by Devansh Bordia
CVSS 8.8
Ivanti Endpoint Manager Cloud Services Appliance < 4.5 - Unauthenticated Remote Code Execution
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
by d7x
CVSS 9.8
iRZ Mobile Router Firmware < 2022-03-16 - Cross-Site Request Forgery via Crontab API
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.
by John Jackson
CVSS 8.8
ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting (XSS)
by LiquidWorm
ICT Protege GX/WX 2.08 - Client-Side SHA1 Password Hash Disclosure
by LiquidWorm
Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)
by Ceylan BOZOĞULLARINDAN
Tiny File Manager < 2.4.7 - Authenticated Path Traversal and Remote Code Execution via File Upload
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
by FEBIN MON SAJI
CVSS 8.8
Pluck 4.7.16 - Authenticated Remote Code Execution via Theme Upload
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.
by Ashish Koli
CVSS 7.2
APISIX Admin API default access token RCE
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.
by Ven3xy
CVSS 9.8
VIVE Runtime Service 1.0.0.4 - Code Injection
VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific system directories to gain LocalSystem access during service startup.
by Faisal Alasmari
CVSS 8.4
Tdarr 2.00.15 - Unauthenticated Remote Code Execution via Help Terminal Command Injection
Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like `--help; curl .py | python` to execute remote code without authentication.
by Sam Smith
CVSS 9.8
SEOWON INTECH SLC-130,SLR-120S - RCE
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
by Aryan Chehreghani
CVSS 9.8
WOW21 5.0.1.9 - Unquoted Service Path Privilege Escalation
WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.
by Antonio Cuomo
CVSS 7.8
Sandboxie-Plus 5.50.2 - Code Injection
Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by Antonio Cuomo
CVSS 8.4
BattlEye v0.9 - Privilege Escalation
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.
by Saud Alenazi
CVSS 7.8
Sony PlayMemories Home v6.0 - Privilege Escalation
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
by Saud Alenazi
CVSS 6.7
McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege
by Saud Alenazi
Zabbix 5.0.17 - Remote Code Execution (RCE) (Authenticated)
by Hussien Misbah
By Source