Exploitdb Exploits
49,983 exploits tracked across all sources.
Linear eMerge E3-Series - Path Traversal
Linear eMerge E3-Series devices allow File Inclusion.
by LiquidWorm
CVSS 7.5
Linear eMerge E3-Series - CSRF
Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).
by LiquidWorm
CVSS 8.8
Linear eMerge E3-Series - Unrestricted File Upload
Linear eMerge E3-Series devices allow Unrestricted File Upload.
by LiquidWorm
CVSS 10.0
Linear eMerge E3-Series - XSS
Linear eMerge E3-Series devices allow XSS.
by LiquidWorm
CVSS 6.1
Computrols Building Automation System < 19.0.0 - XSS
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter.
by LiquidWorm
CVSS 6.1
Computrols Building Automation Software - Information Disclosure
Computrols CBAS 18.0.0 allows Username Enumeration.
by LiquidWorm
CVSS 5.3
Computrols Building Automation Software < 19.0.0 - CSRF
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
by LiquidWorm
CVSS 8.8
eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)
by LiquidWorm
Linear eMerge E3-Series - RCE
Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).
by LiquidWorm
CVSS 9.8
Computrols Building Automation Software - Missing Authorization
Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
by LiquidWorm
CVSS 7.5
Adrenalin 5.4.0 - XSS
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter.
by Cy83rl0gger
CVSS 6.1
Adrenalin HRMS 5.4.0 - XSS
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter.
by Cy83rl0gger
CVSS 6.1
Adrenalin HRMS <5.4.0 - XSS
Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'.
by Cy83rl0gger
CVSS 6.1
Prima Systems FlexAir <2.3.38 - RCE
Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site.
by LiquidWorm
CVSS 9.0
Alps HID Monitor Service 8.1.0.10 - Code Injection
Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\Apoint2K\HidMonitorSvc.exe to inject malicious executables and gain system-level access.
by Héctor Gabriel Chimecatl Hernández
CVSS 7.8
GCafé 3.0 - Privilege Escalation
GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.
by 4ll4u
CVSS 7.8
Adobe Acrobat DC < 15.006.30504 - Memory Corruption
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
by Google Security Research
CVSS 9.8
Adobe Acrobat DC < 15.006.30504 - Memory Corruption
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
by Google Security Research
CVSS 9.8
Apple Iphone OS < 12.4 - Insecure Deserialization
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.
by Google Security Research
CVSS 9.8
iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC)
by Sem Voigtlander
SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path
by Carlos A Garcia R
Schben Adive 2.0.7 - RCE
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.
by Pablo Santiago
CVSS 8.8
By Source