Exploitdb Exploits
49,983 exploits tracked across all sources.
ChaosPro 2.0 - Buffer Overflow
ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with carefully constructed payload to overwrite memory and gain remote code execution on vulnerable Windows XP systems.
by SYANiDE
CVSS 9.8
JumpStart 0.6.0.0 - Code Injection
JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions.
by Roberto Escamilla
CVSS 7.8
Intelbras WRN 150 1.0.18 - CSRF
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.
by Prof. Joas Antonio
CVSS 6.5
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection
by cakes
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting
by cakes
Php < 7.1.33 - Out-of-Bounds Write
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
by Emil Lerner
CVSS 8.7
WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed
by Google Security Research
ClonOS WEB control panel 19.09 - RCE
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.
by İbrahim Hakan Şeker
CVSS 9.8
AUO Sunveillance Monitoring System & Data Recorder - SQL Injection
AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters.
by Luca.Chiou
CVSS 7.5
AUO Sunveillance Monitoring System & ... - Unrestricted File Upload
An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter.
by Luca.Chiou
CVSS 9.8
WordPress Plugin Sliced Invoices 3.8.2 - 'post' SQL Injection
by Lucian Ioan Nitescu
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
by Metasploit
CVSS 7.8
IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path
by Sainadh Jamalpur
Joomla! 3.4.6 - Remote Code Execution (Metasploit)
by Alessandro Groppo
Rocket.chat < 2.1.0 - XSS
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.
by 3H34N
CVSS 6.1
Total.js CMS 12.0.0 - Authenticated RCE
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>
by Metasploit
CVSS 9.9
Moxa Edr-810 Firmware < 5.1 - Improper Input Validation
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
by RandoriSec
CVSS 7.2
Trend Micro ATTK <1.62.0.1218 - RCE
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
by hyp3rlinx
CVSS 7.8
Adobe Acrobat DC < 15.006.30504 - Out-of-Bounds Write
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .
by Google Security Research
CVSS 9.8
Oracle Solaris 11 - RCE
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
by Marco Ivaldi
CVSS 8.8
WorkgroupMail 7.5.1 - Code Injection
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by cakes
CVSS 7.8
BlackMoon FTP Server 3.1.2.1731 - Privilege Escalation
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSystem account permissions during service startup.
by Debashis Pal
CVSS 7.8
By Source