Exploitdb Exploits

50,186 exploits tracked across all sources.

EIP-2026-115355 EXPLOITDB text
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
by Cem Onat Karagun
EIP-2026-113965 EXPLOITDB text
Wordpress Plugin PicUploader 1.0 - Remote File Upload
by Milad karimi
CVE-2020-10879 EXPLOITDB CRITICAL python
rConfig <3.9.5 - Command Injection
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
by Matthew Aberegg
CVSS 9.8
EIP-2026-108907 EXPLOITDB text
Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection
by qw3rTyTy
EIP-2026-103888 EXPLOITDB text
CyberArk PSMP 10.9.1 - Policy Restriction Bypass
by LAHBAL Said
EIP-2026-101140 EXPLOITDB c
Sony Playstation 4 (PS4) < 7.02 / FreeBSD 9 / FreeBSD 12 - 'ip6_setpktopt' Kernel Local Privilege Escalation (PoC)
by TheFloW
CVE-2020-37144 EXPLOITDB MEDIUM text
Exagate SYSGuard 6001 - CSRF
Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without the victim's consent.
by Metin Yunus Kandemir
CVSS 5.3
CVE-2020-3950 EXPLOITDB HIGH bash VERIFIED
VMware Fusion <11.5.2 - Privilege Escalation
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
by Rich Mirch
CVSS 7.8
CVE-2020-37045 EXPLOITDB HIGH text
Veritas NetBackup 7.0 - Code Injection
Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges.
by El Masas
CVSS 7.8
CVE-2020-10364 EXPLOITDB HIGH text
Mikrotik Routeros < 6.44.3 - Resource Allocation Without Limits
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
by FarazPajohan
CVSS 7.5
CVE-2020-20021 EXPLOITDB HIGH text
Mikrotik Routeros < 6.46.3 - Denial of Service
An issue discovered in MikroTik Router v6.46.3 and earlier allows an attacker to cause a denial of service via misconfiguration in the SSH daemon.
by FarazPajohan
CVSS 7.5
EIP-2026-108193 EXPLOITDB text
Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload
by qw3rTyTy
CVE-2019-15126 EXPLOITDB LOW python
Apple Ipados < 13.2 - TOCTOU Race Condition
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
by Maurizio S
CVSS 3.1
EIP-2026-101891 EXPLOITDB text
Netlink GPON Router 1.0.11 - Remote Code Execution
by shellord
EIP-2026-112842 EXPLOITDB text
UADMIN Botnet 1.0 - 'link' SQL Injection
by n4pst3r
CVE-2020-10189 EXPLOITDB CRITICAL ruby VERIFIED
Zohocorp Manageengine Desktop Central - Insecure Deserialization
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
by Metasploit
CVSS 9.8
EIP-2026-103783 EXPLOITDB
Microsoft VSCode Python Extension - Code Execution
by Doyensec
EIP-2026-103380 EXPLOITDB
VMWare Fusion - Local Privilege Escalation
by Grimm
CVE-2020-10220 EXPLOITDB CRITICAL ruby VERIFIED
Rconfig 3.x Chained Remote Code Execution
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
by Metasploit
CVSS 9.8
CVE-2020-10389 EXPLOITDB HIGH python
Chadhaajay Phpkb - Code Injection
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.
by Antonio Cannito
CVSS 7.2
CVE-2020-10387 EXPLOITDB MEDIUM python
Chadhaajay Phpkb - Path Traversal
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.
by Antonio Cannito
CVSS 4.9
CVE-2020-10386 EXPLOITDB HIGH python
Chadhaajay Phpkb - Unrestricted File Upload
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.
by Antonio Cannito
CVSS 7.2
EIP-2026-109467 EXPLOITDB text
MiladWorkShop VIP System 1.0 - 'lang' SQL Injection
by AYADI Mohamed
EIP-2026-100308 EXPLOITDB text
Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)
by Miguel Mendez Z
CVE-2020-0796 EXPLOITDB CRITICAL
Microsoft Windows 10 1903 - Memory Corruption
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by eerykitty
CVSS 10.0