Exploitdb Exploits
50,076 exploits tracked across all sources.
Prime95 29.8 build 6 - Remote Code Execution via User ID Input Field
Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110.
by stresser
CVSS 9.8
Microsoft Windows 10 BasicRender.sys - Denial of Service (PoC)
by vportal
phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting
by Chris Inzinga
SurfOffline Professional 2.2.0.103 - Buffer Overflow
SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to trigger a denial of service condition and overwrite SEH registers.
by Chris Inzinga
CVSS 7.5
FTP Navigator < 8.03 - Denial of Service via Custom Command Input
FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler (SEH) with malicious input. Attackers can generate a payload of 4108 'A' characters followed by 4 'B' characters and 40 'C' characters to trigger a program crash when pasted into the custom command input.
by Chris Inzinga
CVSS 7.5
FTP Navigator 8.03 - Stack-based Buffer Overflow via Custom Command Textbox
FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remote code execution and launching the calculator as proof of concept.
by Chris Inzinga
CVSS 9.8
Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation
by Vulnerability-Lab
AVS Audio Converter 9.1 - Buffer Overflow
AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to compromise the application and potentially execute arbitrary code.
by ZwX
CVSS 8.4
AVS Audio Converter <9.1.2.600 - Code Injection
AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked.
by ZwX
CVSS 8.8
Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)
by Ismail Tasdelen
macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()
by Google Security Research
OpenMRS Java Deserialization RCE
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
by Metasploit
CVSS 9.8
Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
by Bishop Fox
CVSS 9.8
Rumpus FTP Web File Manager 8.2.9.1 - XSS
A reflected cross-site scripting vulnerability was discovered in the login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary JavaScript.
by Harshit Shukla
CVSS 6.1
Zendesk App SweetHawk Survey 1.6 - Stored Cross-Site Scripting via Support Ticket Submission
Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded by other users.
by MTK
CVSS 6.4
OpenBSD Dynamic Loader chpass Privilege Escalation
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.
by Qualys Corporation
CVSS 7.8
Linux kernel <5.4.2 - Privilege Escalation
In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.
by Google Security Research
CVSS 7.8
D-Link DIR-615 Firmware - Stored Cross-Site Scripting via User Account Name Field
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
by Sanyam Chawla
CVSS 4.8
D-Link DIR-615 - Privilege Escalation
On D-Link DIR-615 devices, a normal user is able to create a root (admin) user from the D-Link portal.
by Sanyam Chawla
CVSS 6.5