Exploitdb Exploits
50,186 exploits tracked across all sources.
Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
by Felipe Winsnes
Rails <5.0.1 - Code Injection
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
by Lucas Amorim
CVSS 8.8
Icegram Email Subscribers & Newsletters - Missing Authorization
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
by KBA@SOGETI_ESEC
CVSS 5.3
Icegram Email Subscribers & Newsletters < 4.3.1 - SQL Injection
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
by KBA@SOGETI_ESEC
CVSS 9.8
Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting
by Peter Blue
pfSense 2.4.4-p3 - CSRF
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing.
by ghost_fh
CVSS 8.8
PandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting
by Emre ÖVÜNÇ
Pandorafms Pandora Fms < 746 - XSS
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.
by AppleBois
CVSS 9.0
Inneo Startup Tools < 13.0.70.3804 - Path Traversal
An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe web application (served on TCP port 85) includes user input into a filesystem access without any further validation. This might allow an unauthenticated attacker to read files on the server via Directory Traversal, or possibly have unspecified other impact.
by Patrick Hener
CVSS 9.8
Bludit 3.9.2 - RCE
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
by James Green
CVSS 8.8
Suprema BioStar 2 <2.8.2 - Path Traversal
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
by SITE Team
CVSS 7.5
Manageengine Applications Manager - SQL Injection
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.
by aldorm
CVSS 9.8
BIG-IP <15.2 - RCE
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
by Carlos E. Vieira
CVSS 9.8
FTPDummy 4.80 - Buffer Overflow
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system commands.
by Felipe Winsnes
CVSS 8.4
TimeClock Software 1.01 - Authenticated SQL Injection
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add_entry.php endpoint to determine user existence by measuring response time differences.
by François Bibeau
CVSS 7.1
UBICOD Medivision Digital Signage 1.5.1 - Auth Bypass
UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication.
by LiquidWorm
CVSS 9.8
NetPCLinker 1.0.0.0 - Buffer Overflow
NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in the DNS/IP input to overwrite SEH handlers and execute shellcode when adding a new client.
by Saeed reza Zamanian
CVSS 9.8
Nexos theme <1.7 - XSS
The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS.
by Vlad Vector
CVSS 6.1
Docsify < 4.11.4 - XSS
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page.
by Amin Sharifi
CVSS 6.1
Simple Startup Manager 1.17 - Buffer Overflow
Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft a malicious payload with 268 bytes to trigger code execution, bypassing DEP and overwriting memory addresses to launch calc.exe.
by PovlTekstTV
CVSS 8.4
SonarQube 8.3.1 - Privilege Escalation
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges during service restart.
by Velayutham Selvaraj
CVSS 7.8
By Source