Exploitdb Exploits
50,076 exploits tracked across all sources.
Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)
by Metasploit
Diamorphine Rootkit - Signal Privilege Escalation (Metasploit)
by Metasploit
golang.org/x/crypto/ssh < 0.0.0-20200220183623-bac4c82f6975 - Denial of Service via Cryptographic Signature Verification
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
by Mark Adams
CVSS 7.5
Zoho ManageEngine EventLog Analyzer <10.0 SP1 Build 12110 - Information Disclosure
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column.
by Scott Goodwin
CVSS 8.8
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
by Todor Donev
SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure
by Todor Donev
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
by Todor Donev
Avaya IP Office Application Server 11.0-11.0.4.0 - Cross-Site Scripting in WebUI
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.
by Scott Goodwin
CVSS 5.4
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
by Metasploit
CVSS 7.8
Easy2Pilot 7 Cross-Site Request Forgery via admin.php
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add_user endpoint with POST requests containing username and password parameters to create new administrative accounts without explicit user consent.
by indoushka
CVSS 4.3
Core FTP Lite 1.3 - Buffer Overflow
Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an application crash without requiring additional interaction.
by berat isler
CVSS 7.5
Apache Tomcat 7.0.0-7.0.99, 8.5.0-8.5.50, 9.0.0.M1-9.0.0.30 - Remote Code Execution via AJP File Read and JSP Processing
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
by YDHCUI
CVSS 9.8
DBPower C300 HD Camera - Info Disclosure
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.
by Todor Donev
CVSS 7.5
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak
by byteGoblin
WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
by Ultra Security Team
WOOF Products Filter for WooCommerce 1.2.3 Persistent XSS
WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text for block toggle' and 'Custom front css styles' that executes on frontend pages when saved, affecting all site visitors.
by Shahab.ra.9
CVSS 5.5
Parallaxis Cuckoo Clock 5.0 - Buffer Overflow
Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution.
by boku
CVSS 9.8
LabVantage LIMS 8.3 - Info Disclosure
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.
by Joel Aviad Ossi
CVSS 5.3
TFTP Turbo 4.6.1273 - Unquoted Service Path Privilege Escalation
TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
by boku
CVSS 7.8
DHCP Turbo 4.61298 - Unquoted Service Path Privilege Escalation
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts.
by boku
CVSS 7.8
BOOTP Turbo 2.0.1214 - Privilege Escalation
BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions.
by boku
CVSS 7.8
Anviz CrossChex 4.3.8.0 and 4.3.12 - Buffer Overflow
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
by Metasploit
CVSS 9.8
Windows - Elevation of Privilege via MSI Package Symbolic Link Processing
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.
by nu11secur1ty
CVSS 7.8
By Source