Exploitdb Exploits
50,186 exploits tracked across all sources.
Windows Win32k - Privilege Escalation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
by piotrflorczyk
CVSS 7.8
Alfresco <5.2.7 & <6.2.0 - XSS
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
by Alexandre ZANNI
CVSS 5.4
RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection
by Olga Villagran
RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection
by Paulina Girón
Cyberoam Authentication Client <2.1.2.7 - RCE
Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell on port 1337 with system-level access.
by Andrey Stoykov
CVSS 9.8
Microsoft Exchange Server - Authentication Bypass
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
by Photubias
CVSS 8.8
Broadcom Unified Infrastructure Management < 9.20 - Buffer Overflow
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.
by wetw0rk
CVSS 9.8
Tutor LMS <1.5.3 - CSRF
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
by Jinson Varghese Behanan
CVSS 6.5
Cacti v1.2.8 - Unauthenticated Remote Code Execution (Metasploit)
by Lucas Amorim
Joplin < 1.0.184 - XSS
Joplin through 1.0.184 allows Arbitrary File Read via XSS.
by Javier Olmedo
CVSS 5.4
netkit-telnet-0.17 telnetd (Fedora 31) - 'BraveStarr' Remote Code Execution
by Immunity
Tp-link Tl-wr849n Firmware - OS Command Injection
On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.
by Elber Tavares
CVSS 9.8
TP-LINK TL-WR849N <4.16 - DoS
TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI.
by Elber Tavares
CVSS 6.1
Intelbras WRN240 - DoS
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.
by Elber Tavares
CVSS 7.5
Qdpm < 9.1 - Path Traversal
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.
by Tobin Shields
CVSS 8.8
Business Live Chat Software 1.0 - CSRF
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with administrative access parameters.
by Meisam Monsef
CVSS 5.3
Comtrend Vr-3033 Firmware - OS Command Injection
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.
by Raki Ben Hamouda
CVSS 8.8
PhpIX 2012 Professional - SQL Injection
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information.
by indoushka
CVSS 7.1
Core FTP LE 2.2 - DoS
Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the application to become unresponsive and require reinstallation.
by Ismael Nava
CVSS 7.5
OpenSMTPD OOB Read Local Privilege Escalation
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
by Qualys Corporation
CVSS 9.8
OpenSMTPD <6.6.4 - Info Disclosure
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
by Qualys Corporation
CVSS 4.7
SpotFTP-FTP Password Recover <2.4.8 - DoS
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash.
by Ismael Nava
CVSS 7.5
By Source