Exploitdb Exploits
50,076 exploits tracked across all sources.
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by mekhalleh
CVSS 9.8
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by Project Zero India
CVSS 9.8
Cisco Firepower Services Software For Asa - Improper Input Validation
A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked.
by TrustedSec
CVSS 5.8
ASTPP 4.0.1 - Unauthenticated Sensitive Information Disclosure via Database Backup Download
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.
by Fabien AUNAY
CVSS 7.5
TotalAV 2020 4.14.31 - Privilege Escalation via Quarantine NTFS Directory Junction
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder.
by Kusol Watchara-Apanukorn
CVSS 7.8
Rasilient PixelStor 5000 K:4.0.1580-20150629 - Unauthenticated Remote Code Execution via lang Parameter
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter.
by .:UND3R:.
CVSS 9.8
ZIP Password Recovery 2.30 - Denial of Service via Maliciously Crafted Text File Input
ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting a ZIP file.
by ZwX
CVSS 7.5
MSN Password Recovery 1.30 - Info Disclosure
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.
by ZwX
CVSS 6.2
Oracle Communications Diameter Signaling Router - Unauthenticated Remote Code Execution via HTTP
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by james
CVSS 9.8
ASTPP 4.0.1 - XSS, Command Injection
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.
by Fabien AUNAY
CVSS 9.8
PHPGurukul Online Book Store 1.0 - Unauthenticated Arbitrary File Upload via admin_add.php
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
by Tib3rius
CVSS 9.8
Codoforum 4.8.3 - Stored Cross-Site Scripting via Display Name, Title, or Content Parameters
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
by Vyshnav nk
CVSS 4.8
JetBrains TeamCity 2018.2.4 - Remote Code Execution
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
by hantwister
CVSS 9.8
Cisco Data Center Network Manager < 11.3(1) - Authenticated Unauthorized Access to JBoss EAP
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.
by hantwister
CVSS 6.3
Oracle Solaris - Remote Buffer Overflow in Kernel RPC
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3623 is assigned for "Ebbisland". Solaris 10 systems which have had any Kernel patch installed after, or updated via patching tools since 2012-01-26 are not impacted. Also, any Solaris 10 system installed with Solaris 10 1/13 (Solaris 10 Update 11) are not vulnerable. Solaris 11 is not impacted by this issue. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
by hantwister
CVSS 10.0
PHPGurukul Job Portal 1.0 - Unauthenticated Arbitrary File Upload via admin/gallery.php
An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
by Tib3rius
CVSS 9.8
AnyDesk 5.4.0 - Unquoted Service Path Privilege Escalation
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining elevated system privileges.
by SajjadBnd
CVSS 7.8
Microsoft Windows 10 1507 - Improper Privilege Management
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
by bluefrostsec
CVSS 7.8
Complaint Management System 4.0 - Remote Code Execution
by Metin Yunus Kandemir
piSignage < 2.6.4 - Authenticated Path Traversal via Log Download API
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.
by JunYeong Ko
CVSS 4.3
FTPGetter Professional 5.97.0.223 - Denial of Service via Crafted String
FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference.
by FULLSHADE
CVSS 7.5
Voyager 1.3.0 - Path Traversal via Asset Path Parameter
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files.
by NgoAnhDuc
CVSS 7.5
TextCrawler Pro 3.1.1 - Denial of Service via License Key Field Buffer Overflow
TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash.
by stresser
CVSS 7.5
By Source