Exploitdb Exploits
50,193 exploits tracked across all sources.
Project Worlds Online Examination System 1.0 - XSS
XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field
by Nikhil Kumar
CVSS 6.1
WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request
by Mohammed Althibyani
Mailman 1.x > 2.1.23 - Cross Site Scripting (XSS)
by Valerio Alessandroni
Program Access Controller 1.2.0.0 - Privilege Escalation
Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.
by Mohammed Alshehri
CVSS 7.8
Prey <1.9.6 - Privilege Escalation
Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the CronService to insert malicious code that would execute during application startup or system reboot.
by Ömer Tuygun
CVSS 7.8
IP Watcher 3.0.0.30 - Code Injection
IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup.
by Mohammed Alshehri
CVSS 7.8
EPSON 1.124 - Privilege Escalation
EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ to inject malicious executables that will run with LocalSystem permissions.
by İsmail Önder Kaya
CVSS 7.8
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
by Matthew Aberegg
CVSS 7.2
Oracle Business Intelligence Enterprise Edition - Info Disclosure
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
by Ivo Palazzolo
CVSS 7.5
Blueman <2.1.4 - Command Injection
Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules.
by Vaisha Bernard
CVSS 7.1
TDM Digital Signage PC Player 4.1.0.4 - Privilege Escalation
TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access.
by LiquidWorm
CVSS 8.8
Adtec Digital SignEdje <2.08.28 - Unauthenticated RCE
Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.
by LiquidWorm
CVSS 7.5
Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated)
by Gurkirat Singh
Sentrifugo 3.2 - RCE
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.
by Gurkirat Singh
CVSS 8.8
Client Management System 1.0 - 'searchdata' SQL injection
by Serkan Sancar
GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse
by LiquidWorm
ReQuest Serious Play F3 Media Server <7.0.3.4968 - DoS
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing remote interruption of service availability.
by LiquidWorm
PDW File Browser 1.3 - XSS
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary JavaScript in victims' browsers when they access the file browser.
by David Bimmel
CVSS 5.4
ReQuest Serious Play Media Player 3.0 - Info Disclosure
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.
by LiquidWorm
ReQuest Serious Play F3 Media Server 7.0.3 - RCE
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server.
by LiquidWorm
ReQuest Serious Play F3 Media Server <7.0.3.4968 - Info Disclosure
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.
by LiquidWorm
Inoideas Inoerp - Code Injection
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.
by Lyhin\'s Lab
CVSS 9.8
By Source