Exploitdb Exploits

50,186 exploits tracked across all sources.

EIP-2026-100647 EXPLOITDB text
DotNetNuke 9.5 - File Upload Restrictions Bypass
by Sajjad Pourali
CVE-2019-2215 EXPLOITDB HIGH ruby VERIFIED
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application. Product: Android. Android ID: A-141720095
by Metasploit
CVSS 7.8
CVE-2020-37155 EXPLOITDB HIGH python
Core FTP Lite 1.3 - Buffer Overflow
Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an application crash without requiring additional interaction.
by berat isler
CVSS 7.5
EIP-2026-106709 EXPLOITDB text
Easy2Pilot 7 - Cross-Site Request Forgery (Add User)
by indoushka
CVE-2020-1938 EXPLOITDB CRITICAL python
Apache Geode < 7.0.100 - Remote Code Execution
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed returning arbitrary files from anywhere in the web application, and processing any file in the web application as a JSP. Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
by YDHCUI
CVSS 9.8
CVE-2020-37157 EXPLOITDB HIGH perl
DBPower C300 HD Camera - Info Disclosure
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.
by Todor Donev
CVSS 7.5
EIP-2026-113112 EXPLOITDB python
Virtual Freer 1.58 - Remote Command Execution
by SajjadBnd
EIP-2026-101854 EXPLOITDB python
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak
by byteGoblin
EIP-2026-114232 EXPLOITDB text
WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
by Ultra Security Team
CVE-2020-37159 EXPLOITDB CRITICAL python
Parallaxis Cuckoo Clock 5.0 - Buffer Overflow
Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution.
by boku
CVSS 9.8
CVE-2020-7959 EXPLOITDB MEDIUM python
LabVantage LIMS 8.3 - Info Disclosure
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an Unrecognized Database exception message if the database does not exist.
by Joel Aviad Ossi
CVSS 5.3
CVE-2020-37063 EXPLOITDB HIGH text
TFTP Turbo 4.6.1273 - RCE
TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
by boku
CVSS 7.8
CVE-2020-37062 EXPLOITDB HIGH text
DHCP Turbo 4.61298 - RCE
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts.
by boku
CVSS 7.8
CVE-2020-37061 EXPLOITDB HIGH text
BOOTP Turbo 2.0.1214 - Privilege Escalation
BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions.
by boku
CVSS 7.8
CVE-2019-12518 EXPLOITDB CRITICAL ruby VERIFIED
Anviz Crosschex - Buffer Overflow
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
by Metasploit
CVSS 9.8
CVE-2020-0683 EXPLOITDB HIGH text
Microsoft Windows 10 1507 - Symlink Following
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.
by nu11secur1ty
CVSS 7.8
EIP-2026-117282 EXPLOITDB text
HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path
by Roberto Piña
EIP-2026-114329 EXPLOITDB text
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
by Ultra Security Team
EIP-2026-114194 EXPLOITDB text
WordPress Plugin WOOF Products Filter for WooCommerce 1.2.3 - Persistent Cross-Site Scripting
by Shahab.ra.9
EIP-2026-114089 EXPLOITDB text
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
by Jinson Varghese Behanan
EIP-2026-112349 EXPLOITDB text
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
by J3rryBl4nks
EIP-2026-112348 EXPLOITDB text
SOPlanning 1.45 - 'users' SQL Injection
by J3rryBl4nks
EIP-2026-112347 EXPLOITDB text
SOPlanning 1.45 - 'by' SQL Injection
by J3rryBl4nks
EIP-2026-107725 EXPLOITDB text
Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
by J3rryBl4nks
EIP-2026-101540 EXPLOITDB text
Avaya Aura Communication Manager 5.2 - Remote Code Execution
by Sarang Tumne