Exploitdb Exploits
50,186 exploits tracked across all sources.
Nxlog < 3.0.2272 - Insecure Deserialization
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)
by Guillaume PETIT
CVSS 7.5
Grav CMS 1.6.30 - XSS
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the page is viewed in the admin panel or on the site.
by Sagar Banwa
CVSS 6.4
Raysync < 3.3.3.8 - Path Traversal
A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server.
by james
CVSS 8.8
Seotoaster 3.2.0 - Stored XSS on Edit page properties
by Hardik Solanki
PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection
by Frederic ADAM
Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)
by ChendoChap
Oracle Solaris 10-11 - Privilege Escalation
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
by Hacker Fantastic
CVSS 10.0
Task Management System 1.0 - 'page' Local File Inclusion
by İsmail BOZKURT
Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (2)
by Andrea Bruschi
Cisco ASA/FTD - Path Traversal
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
by Freakyclown
CVSS 7.5
Rumble Mail Server 0.51.3135 - XSS
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter.
by Mohammed Alshehri
CVSS 5.4
Rumble Mail Server 0.51.3135 - XSS
Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter.
by Mohammed Alshehri
CVSS 5.4
System Explorer 7.0.0 - Privilege Escalation
An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path.
by Mohammed Alshehri
CVSS 7.8
Rumble Mail Server <0.51.3135 - XSS
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters.
by Mohammed Alshehri
CVSS 5.4
SeaCMS 11.1 - XSS
SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.
by j5s
CVSS 6.1
LibreNMS 1.46 - Authenticated SQL Injection
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.
by Hodorsec
CVSS 7.1
MiniWeb HTTP server 0.8.19 - DoS
MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request.
by securityforeveryone.com
CVSS 7.5
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
by Fortunato Lodari
CVSS 7.5
Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)
by KeopssGroup0day_Inc
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
by Wadeek
By Source