Exploit Database
125,779 exploits tracked across all sources.
Microsoft Exchange Server - Unrestricted File Upload
Microsoft Exchange Server Security Feature Bypass Vulnerability
by Orange Tsai, Jang (@testanull), PeterJson, brandonshi123, mekhalleh (RAMELLA Sébastien), Donny Maasland, Rich Warren, Spencer McIntyre, wvu
CVSS 6.6
Microsoft Exchange ProxyNotShell RCE
Microsoft Exchange Server Elevation of Privilege Vulnerability
by Orange Tsai, Spencer McIntyre, DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q, Piotr Bazydło, Rich Warren, Soroush Dalili
CVSS 8.8
DNN <9.1.1 - RCE
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
by Jon Park, Jon Seigel
CVSS 8.8
Dnnsoftware Dotnetnuke < 9.2.2 - Weak Encryption
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
by Jon Park, Jon Seigel
CVSS 7.5
Dnnsoftware Dotnetnuke < 9.2.1 - Weak Encryption
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
by Jon Park, Jon Seigel
CVSS 7.5
DNN 9.2-9.2.2 - Info Disclosure
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
by Jon Park, Jon Seigel
CVSS 7.5
Karjasoft Sami FTP Server - Buffer Overflow
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.
by Muhammad Ahmed Siddiqui, Critical Security, n30m1nd, aushack, bcoles
Symantec Endpoint Protection Manager - XXE
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Stefan Viehbock, Chris Graham
GiveWP Unauthenticated Donation Process Exploit
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same vulnerability as CVE-2024-5932, however, it was discovered that the presence of stripslashes_deep on user_info allows the is_serialized check to be bypassed. This issue was mostly patched in 3.16.1, but further hardening was added in 3.16.2.
by Villu Orav, EQSTLab, cuokon, Julien Ahrens, Valentin Lobstein
CVSS 9.8
Wordpress < 5.0.3 - Path Traversal
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
by RIPSTECH Technology, Wilfried Becard
CVSS 6.5
vtiger CRM <5.4.0 - Auth Bypass
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
by Egidio Romano, juan vazquez
CVSS 9.8
Vtiger CRM 6.4.0 - RCE
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.
by Benjamin Daniel Mussler, Touhid M.Shaikh, SecureLayer7.net
CVSS 7.3
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
CVSS 9.8
vBulletin <6.0.3 - RCE
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.
by Egidio Romano (EgiX), Valentin Lobstein
CVSS 10.0
PyTorch Model Server Registration and Deserialization RCE
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
by Idan Levcovich, Guy Kaplan, Gal Elbaz, Swapneil Kumar Dash, Spencer McIntyre
CVSS 8.3
Apache Tomcat - Credentials Management
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
by jduck
IBM Cognos Express - Credentials Management
IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.
by jduck
HP Operations Manager - Access Control
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
by jduck
IBM Rational Quality Manager - Credentials Management
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.
by jduck
HP Operations Manager - RCE
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843.
by jduck