Exploitdb Exploits
50,076 exploits tracked across all sources.
Car Rental Management System 1.0 - Remote Code Execution (Authenticated)
by Mehmet Kelepçe
SAntivirus IC <10.0.21.61 - Code Injection
SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path, enabling privilege escalation to system-level permissions.
by Mara Ramirez
CVSS 7.8
IDT PC Audio 1.0.6425.0 - 'STacSV' Unquoted Service Path
by Isabel Lopez
DigitalPersona 5.1.0.656 'DpHostW' - Unquoted Service Path
by Teresa Q
Journal theme < 3.1.0 - Sensitive Data Exposure via SQL Error Messages
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
by Jinson Varghese Behanan
CVSS 7.5
OctoberCMS <1.0.466 - Info Disclosure
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466).
by Sivanesh Ashok
CVSS 4.8
Bludit 3.9.2 - Authentication Bruteforce Bypass (Metasploit)
by Aporlorxl23
touchbase.ai < 2.0 - Cross-Site Scripting
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.
by Simran Sankhala
CVSS 8.0
Apache Tomcat 7.0.0-7.0.99, 8.5.0-8.5.50, 9.0.0.M1-9.0.0.30 - Remote Code Execution via AJP File Read and JSP Processing
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
by SunCSR
CVSS 9.8
Citrix ADC NetScaler - Local File Inclusion (Metasploit)
by RAMELLA Sebastien
ASUS TM-AC1900 - Arbitrary Command Execution (Metasploit)
by b1ack0wl
Nidesoft 3GP Video Converter <2.6.18 - Buffer Overflow
Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system.
by Felipe Winsnes
CVSS 8.4
SourceCodester Water Billing System 1.0 - SQL Injection via Username and Password Parameters
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.
by Sarang Tumne
CVSS 9.8
Wordpress Plugin Good LMS 2.1.4 - 'id' Unauthenticated SQL Injection
by Abdulazeez Alaseeri
Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)
by Synacktiv
Customer Support System 1.0 - Cross-Site Request Forgery
by Ahmed Abbas
Customer Support System 1.0 - 'username' Authentication Bypass
by Ahmed Abbas
Customer Support System 1.0 - 'description' Stored XSS in The Admin Panel
by Ahmed Abbas
CMSUno 1.6.2 - 'user' Remote Code Execution (Authenticated)
by Fatih Çelik
Mitel ShoreTel 19.46.1802.0 - Unauthenticated Reflected Cross-Site Scripting via PATH_INFO to index.php
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.
by Joe Helle
CVSS 6.1
Car Rental Management System 1.0 - SQL injection + Arbitrary File Upload
by Fortunato Lodari
Anuko Time Tracker <1.19.23.5325 - Info Disclosure
In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325.
by Mufaddal Masalawala
CVSS 8.7
Winstep 18.06.0096 Unquoted Service Path Privilege Escalation
Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts.
by SamAlucard
CVSS 7.8
Realtek Audio Service 1.0.0.55 Unquoted Service Path Privilege Escalation
Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Attackers can place executable files in the unquoted service path directory to execute arbitrary code with LocalSystem privileges during service startup or system reboot.
by Erika Figueroa
CVSS 7.8
By Source