Exploitdb Exploits
50,186 exploits tracked across all sources.
PHPStudy - Backdoor Remote Code execution (Metasploit)
by Metasploit
Nagios XI <5.6.6 - RCE
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.
by Metasploit
CVSS 8.8
60CycleCMS 2.5.2 - XSS
60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browsers. This issue does not involve SQL injection.
by Unkn0wn
CVSS 6.1
60CycleCMS 2.5.2 - SQL Injection
60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modify database contents. This issue does not involve cross-site scripting.
by Unkn0wn
CVSS 8.2
Sapplica Sentrifugo - SQL Injection
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.
by minhnb
CVSS 6.5
Apache ActiveMQ 5.x-5.11.1 Directory Traversal Shell Upload
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
by Metasploit
Php < 7.1.33 - Out-of-Bounds Write
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
by Metasploit
CVSS 8.7
Google Chrome <80.0.3987.122 - Heap Corruption
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by Metasploit
CVSS 8.8
Google Chrome < 73.0.3683.86 - Out-of-Bounds Write
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by Metasploit
CVSS 6.5
Google Chrome <70.0.3538.64 - RCE
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
by Metasploit
CVSS 8.8
OpenSMTPD OOB Read Local Privilege Escalation
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
by Metasploit
CVSS 9.8
SpyHunter 4 - Privilege Escalation
SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during service startup.
by Alejandro Reyes
CVSS 7.8
Iskysoft Application Framework Service 2.4.3.241 - Code Injection
Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions.
by Alejandro Reyes
CVSS 7.8
Deep Instinct Windows Agent 1.2.29.0 - Privilege Escalation
Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
by Oscar Flores
CVSS 7.8
ASUS GiftBox Desktop 1.1.1.127 - 'ASUSGiftBoxDesktop' Unquoted Service Path
by Oscar Flores
Microsoft Exchange Server - Authentication Bypass
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
by Metasploit
CVSS 8.8
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.
by Metasploit
CVSS 9.8
UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
by NgoAnhDuc
GUnet OpenEclass 1.7.3 - RCE
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise.
by emaragkos
CVSS 8.8
GUnet OpenEclass 1.7.3 - Info Disclosure
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.
by emaragkos
CVSS 6.5
GUnet OpenEclass 1.7.3 - Info Disclosure
GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.
by emaragkos
CVSS 4.3
GUnet OpenEclass 1.7.3 - Auth Bypass
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.
by emaragkos
CVSS 8.8
GUnet OpenEclass 1.7.3 - SQL Injection
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.
by emaragkos
CVSS 7.1
By Source