Exploitdb Exploits
50,186 exploits tracked across all sources.
Unraid 6.8.0 - Auth Bypass
Unraid 6.8.0 allows authentication bypass.
by Metasploit
CVSS 7.5
CODE::BLOCKS 16.01 - Buffer Overflow
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code execution.
by T3jv1l
CVSS 5.5
Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow (SEH + DEP)
by Bailey Belisario
TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection
by Vulnerability-Lab
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
by Metasploit
CVSS 8.8
Playable 9.18 iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab
Cisco IP Phones - RCE/DoS
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
by Jacob Baines
CVSS 9.8
Pandora FMS <7.0NG - Command Injection
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs because user input is not properly sanitized before being passed to system commands, enabling command injection.
by Metasploit
CVSS 8.8
DNN 9.2-9.2.2 - Info Disclosure
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
by Metasploit
CVSS 7.5
PlaySMS <1.4.3 - XSS
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
by Metasploit
CVSS 9.8
Apache Solr < 7.7.3 - Injection
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user-defined configset could contain renderable, potentially malicious, templates. Parameter-provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
by Metasploit
CVSS 7.5
VMware Fusion <11.5.2 - Privilege Escalation
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
by Metasploit
CVSS 7.8
TP-Link Archer A7 Firmware <190726 - RCE
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of a hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652.
by Metasploit
CVSS 8.8
ThinkPHP < 3.2.4 - Missing Authentication
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
by Metasploit
CVSS 8.8
Liferay Portal <7.2.1 CE GA2 - Code Injection
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
by Metasploit
CVSS 9.8
Pinger 1.0 - RCE
Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.
by Milad karimi
CVSS 9.8
Xeroneit Library Management System 3.0 - 'category' SQL Injection
by Sohel Yousef
SeedDMS 5.1.18 - Persistent Cross-Site Scripting
by Vulnerability-Lab
Macs Framework 1.14f CMS - Persistent Cross-Site Scripting
by Vulnerability-Lab
DedeCMS 7.5 SP2 - Persistent Cross-Site Scripting
by Vulnerability Research Laboratory
SuperBackup 2.0.5 for iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab
AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab