Exploitdb Exploits
50,076 exploits tracked across all sources.
Computrols CBAS < 19.0.0 - Unauthenticated Reflected Cross-Site Scripting via Username Parameter
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter.
by LiquidWorm
CVSS 6.1
Computrols CBAS < 19.0.0 - Username Enumeration
Computrols CBAS 18.0.0 allows Username Enumeration.
by LiquidWorm
CVSS 5.3
Computrols CBAS < 19.0.0 - Cross-Site Request Forgery
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
by LiquidWorm
CVSS 8.8
eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)
by LiquidWorm
Linear eMerge E3-Series Firmware < 1.00-06 - Remote Code Execution via Hard-coded SSH Credentials
Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).
by LiquidWorm
CVSS 9.8
Computrols CBAS < 19.0.0 - Unauthenticated Source Code Disclosure via SVN Directory
Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
by LiquidWorm
CVSS 7.5
Adrenalin 5.4.0 - Reflected Cross-Site Scripting via GeneralInfo.aspx strAction Parameter
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter.
by Cy83rl0gger
CVSS 6.1
Adrenalin HRMS 5.4.0 - Reflected Cross-Site Scripting via ReportId Parameter
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter.
by Cy83rl0gger
CVSS 6.1
Adrenalin HRMS <5.4.0 - XSS
Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'.
by Cy83rl0gger
CVSS 6.1
Prima Systems FlexAir <2.3.38 - RCE
Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site.
by LiquidWorm
CVSS 9.0
Alps HID Monitor Service 8.1.0.10 - Code Injection
Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\Apoint2K\HidMonitorSvc.exe to inject malicious executables and gain system-level access.
by Héctor Gabriel Chimecatl Hernández
CVSS 7.8
GCaf 3.0 - Unquoted Service Path in gbClientService
GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.
by 4ll4u
CVSS 7.8
Adobe Acrobat and Reader DC < 15.006.30504, 15.008.20082-19.021.20047 - Untrusted Pointer Dereference
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
by Google Security Research
CVSS 9.8
Adobe Acrobat and Reader DC < 15.006.30504, 15.008.20082-19.021.20047 - Untrusted Pointer Dereference
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .
by Google Security Research
CVSS 9.8
iPhone OS < 12.4 - Use-After-Free via Untrusted NSDictionary Deserialization
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.
by Google Security Research
CVSS 9.8
iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC)
by Sem Voigtlander
SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path
by Carlos A Garcia R
Schben Adive < 2.0.7 - Privilege Escalation via User Addition
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.
by Pablo Santiago
CVSS 8.8
rconfig 3.9.2 - OS Command Injection via ajaxServerSettingsChk.php rootUname Parameter
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
by Metasploit
CVSS 9.8
Jenkins build-metrics < 1.3 - Reflected Cross-Site Scripting
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.
by vesche
CVSS 6.1
Android Janus APK Signature bypass
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
by Metasploit
CVSS 7.8
Adaware Web Companion 4.8.2078.3950 - Code Injection
Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Lavasoft\Web Companion\Application\ to inject malicious code that would execute with LocalSystem privileges during service startup.
by Mariela L Martínez Hdez
CVSS 7.8
By Source