Exploitdb Exploits
50,076 exploits tracked across all sources.
E Learning Script 1.0 - Auth Bypass
E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain unauthorized access to the system.
by riamloo
CVSS 6.5
Domain Quester Pro 6.02 - Remote Code Execution via Domain Name Keywords Input
Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords' input field to trigger an access violation and execute a bind shell on port 9999.
by boku
CVSS 9.8
AVS Audio Converter <9.1.2.600 - Code Injection
AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked.
by boku
CVSS 8.8
HomeAutomation 3.3.2 - Authentication Bypass via X-Forwarded-For Header Spoofing
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability: spoofing the client IP address by setting the X-Forwarded-For header to the local (loopback) IP address allows remote control of the smart home solution.
by LiquidWorm
CVSS 9.8
HomeAutomation 3.3.2 - Authenticated OS Command Injection via Custom Command Plugin
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using the custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function.
by LiquidWorm
CVSS 8.0
AVE DOMINAplus <=1.10.x - Unauthenticated Denial of Service via Reboot Command Execution
AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.
by LiquidWorm
CVSS 7.5
AVE DOMINAplus <=1.10.x - Unauthenticated Credential Disclosure via /xml/authClients.xml
AVE DOMINAplus <=1.10.x suffers from a clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
by LiquidWorm
CVSS 9.8
AVE DOMINAplus <=1.10.x - Unauthenticated Authentication Bypass via changeparams.php autologin Parameter
AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to a missing control check when directly calling the autologin GET parameter in the changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials.
by LiquidWorm
CVSS 9.8
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Unauthenticated Information Disclosure
Emmanuel MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
by LiquidWorm
CVSS 7.5
HomeAutomation 3.3.2 - Cross-Site Request Forgery
HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
by LiquidWorm
CVSS 8.8
HomeAutomation 3.3.2 - Stored Cross-Site Scripting via Input Parameter
HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.
by LiquidWorm
CVSS 6.1
Wing FTP Server 6.0.7 - Privilege Escalation
Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
by Nawaf Alkeraithe
CVSS 7.8
AVE DOMINAplus 1.10.x - Cross-Site Request Forgery and Cross-Site Scripting via login.php
AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser sessions.
by LiquidWorm
CVSS 5.3
Windows UPnP Service - Privilege Escalation via COM Object Creation
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
by Metasploit
CVSS 7.8
OpenBSD Dynamic Loader chpass Privilege Escalation
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.
by Metasploit
CVSS 7.8
Reptile Rootkit - reptile_cmd Privilege Escalation (Metasploit)
by Metasploit
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
FreeBSD-SA-19:15.mqueuefs - Privilege Escalation
by Karsten König
FreeBSD 11.2-STABLE, 12.0-STABLE < r343781, 12.0-RELEASE < p3 - Privilege Escalation via UNIX Domain Socket
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.
by Karsten König
CVSS 8.8
Django < 1.11.27, 2.x < 2.2.9, 3.x < 3.0.1 - Account Takeover via Unicode Case Transformation Bypass
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
by Ryuji Tsutsui
CVSS 9.8
XnConvert 1.82 - Denial of Service via Registration Code Input Field
XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the registration code field to trigger an application crash.
by Gokkulraj
CVSS 7.5