Metasploit Exploits
3,189 exploits tracked across all sources.
Litespeedtech Litespeed Web Server - Information Disclosure
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
by Kingcope, xanda
LimeSurvey Zip Path Traversals
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
by h00die, Matthew Aberegg, Michael Burkey, Federico Fernandez, Alejandro Parodi
CVSS 9.8
Dicoogle PACS Web Server <2.5.0 - Path Traversal
An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.
by Carlos Avila, h00die
Idangero Chop Slider - SQL Injection
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
by h00die, SunCSR, Callum Murphy
CVSS 9.8
WordPress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
by h00die, Hacker5preme (Ron Jost), Krzysztof Zając (kazet)
CVSS 9.8
Awesomemotive Duplicator < 1.3.28 - Path Traversal
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
by Ramuel Gall, Hoa Nguyen - SunCSR Team
CVSS 7.5
Symantec Messaging Gateway - Credentials Management
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
CVSS 7.8
Joomla! < 4.2.8 - Improper Access Control
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
by h00die, Tianji Lab
CVSS 5.3
Majordomo <20110203 - Path Traversal
The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.
by Nikolas Sotiriu
Jboss Enterprise Application Platform < 4.2.0.cp03 - Access Control
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.
Yaws 1.91 - Path Traversal
Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain the content of arbitrary local files via a specially crafted URL request.
by sinn3r
CVSS 6.5
VICIdial Authenticated Remote Code Execution
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.
by Valentin Lobstein, Jaggar Henry of KoreLogic, Inc.
CVSS 9.8
Microsoft Internet Information Services - Information Disclosure
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
by Heather Pilkington, Matthew Dunn - k0pak4
Emby SSRF HTTP Scanner
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
CVSS 9.8
Cisco Nac Manager - Path Traversal
Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.
WordPress TI WooCommerce Wishlist SQL Injection (CVE-2024-43917)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection. This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.
by Rafie Muhammad, Valentin Lobstein
CVSS 9.3
FortiMail Unauthenticated Login Bypass Scanner
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEnterprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.
by Mike Connor
CVSS 9.8
Supermicro Intelligent Platform Management Interface - Path Traversal
Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter.
by hdm, juan vazquez
CVSS 4.3
GitLab GraphQL API User Enumeration
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration by unauthenticated users through the GraphQL API.
by jbaines-r7, mungsul
CVSS 5.3
Zohocorp Manageengine Supportcenter Plus < 7.9 - Path Traversal
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
LearnPress <3.2.6.7 - SQL Injection
The LearnPress WordPress plugin, versions up to and including 3.2.6.7, is vulnerable to SQL injection.
by h00die, Omri Herscovici, Sagi Tzadik, nhattruong
CVSS 8.8
Vicidial - SQL Injection
An SQL injection vulnerability in the AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial, via the agent parameter, allows an attacker to spoof identity, tamper with existing data, cause the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrator of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.
by h00die
CVSS 6.4
Icinga Web 2 <2.9.5 - Info Disclosure
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
by h00die, Jacob Ebben, Thomas Chauchefoin
CVSS 7.5
RIPS Scanner <0.54 - Path Traversal
A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script with a manipulated 'file' parameter. This can lead to disclosure of sensitive information.
by localh0t
Spring Cloud Config <2.2.3 & <2.1.9 - Path Traversal
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
by Fei Lu, [email protected], Dhiraj Mishra
CVSS 7.5