Exploitdb Exploits
50,076 exploits tracked across all sources.
Django 3.0 - Cross-Site Request Forgery Token Bypass
by Spad Security Group
Amcrest Cameras and NVR - Authenticated Stack-based Buffer Overflow via Port 37777
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
by Jacob Baines
CVSS 8.8
ZOC Terminal 7.25.5 - Denial of Service via Malicious REXX Script Processing
ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an application crash and cause a denial of service.
by chuyreds
CVSS 6.2
Dnsmasq-utils <2.79-1 - Buffer Overflow
Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string longer than 16 characters.
by JosueEncinar
CVSS 5.5
Bolt CMS <3.7.0 - Authenticated RCE
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend templates. The attacker can then list and rename cached session files via the /async/browse/cache/.sessions and /async/folder/rename endpoints. By renaming a .session file to a path under the publicly accessible /files/ directory with a .php extension, the attacker can turn the injected code into an executable web shell. Finally, the attacker triggers the payload via a crafted HTTP GET request to the rogue file.
NOTE: The vendor announced that Bolt 3 reached end-of-life after 31 December 2021.
by r3m0t3nu11
CVSS 8.8
PHP-Fusion 9.03.50 - Cross-Site Scripting via Panel Content POST Parameter
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the 'panel_content' field in panels.php, resulting in execution of malicious scripts in the context of the affected site.
by hyp3rlinx
CVSS 6.1
ZOC Terminal 7.25.5 - Denial of Service via Private Key File Input Buffer Overflow
ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create SSH key files.
by chuyreds
CVSS 7.5
UltraVNC Viewer 1.2.4.0 - Denial of Service via Malformed VNC Server Input
UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application crash.
by chuyreds
CVSS 7.5
UltraVNC < 1.2.4.0 - Denial of Service via Repeater Host Configuration Field
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash.
by chuyreds
CVSS 7.5
UltraVNC < 1.2.4.0 - Denial of Service via Password Field Overflow
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality.
by chuyreds
CVSS 6.2
Nsauditor Product Key Explorer <4.2.2.0 - DoS
Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash.
by 0xMoHassan
CVSS 6.2
Nsauditor < 3.2.0.0 - Denial of Service via Registration Name Input Field
Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name field.
by 0xMoHassan
CVSS 7.5
Memu Play 7.1.3 - Privilege Escalation
Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file modification permissions.
by chuyreds
CVSS 9.8
Triologic Media Player 8 - '.m3l' Buffer Overflow (Unicode) (SEH)
by Felipe Winsnes
LimeSurvey < 4.1.12+200324 - Stored Cross-Site Scripting in Survey Groups
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
by Matthew Aberegg
CVSS 5.4
LimeSurvey < 4.1.12+200324 - Path Traversal in LimeSurveyFileManager
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
by Matthew Aberegg
CVSS 9.8
WhatsApp Desktop < 0.3.9309 and WhatsApp for iPhone < 2.20.10 - Cross-Site Scripting via Link Preview
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
by Gal Weizman
CVSS 8.2
Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)
by Mehmet Ince
pfSense < 2.4.5 - Stored Cross-Site Scripting via User Full Name Parameter
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
by Matthew Aberegg
CVSS 5.4
AIDA64 Engineer 6.20.5300 - 'Report File' filename Buffer Overflow (SEH)
by Hodorsec
Pandora FMS 7.0NG - 'net_tools.php' Remote Code Execution
by Basim Alabdullah
PHP-Fusion 9.03.50 - Remote Code Execution via panels.php Panel Content Parameter
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panel_content POST parameters to the panels.php administration endpoint to execute malicious code.
by Unkn0wn
CVSS 6.1
Flexsense DiskBoss 7.7.14 - Buffer Overflow
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field.
by Paras Bhatia
CVSS 7.8