Exploitdb Exploits
50,076 exploits tracked across all sources.
OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path
by Sainadh Jamalpur
nostromo_nhttpd <= 1.9.6 - Remote Code Execution via Directory Traversal in http_verify
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
by Metasploit
CVSS 9.8
Apache Solr 5.0.0-8.3.1 - Remote Code Execution via Velocity Template Injection
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user-defined configset could contain renderable, potentially malicious, templates. Parameter-provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
by @l3x_wong
CVSS 7.5
WordPress Plugin Google Review Slider 6.1 SQL Injection via tid
WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid' values to extract sensitive database information using time-based blind SQL injection techniques.
by Princy Edward
CVSS 8.2
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer Overflow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a stack-based buffer overflow in the application's input handling.
by 4ll4u
CVSS 9.8
MikroTik RouterOS < 6.44.5 and < 6.45.6 - Unauthenticated DNS Cache Poisoning via Port 8291
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning.
by Jacob Baines
CVSS 7.5
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer Overflow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an application crash.
by Nithoshitha S
CVSS 7.5
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer Overflow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a stack-based buffer overflow in the application's input handling.
by Nithoshitha S
CVSS 9.8
iSeeQ Hybrid DVR WH-H4 1.03R - Info Disclosure
iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the get_jpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/get_jpeg endpoint without authentication.
by LiquidWorm
CVSS 9.8
Citrix StoreFront Server 7.15 - XML External Entity Injection
by Vahagn Vardanyan
watchOS < 6.1 - Remote Code Execution via Malicious Web Content
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
MailCarrier 2.51 - Remote Code Execution via POP3 USER Command Buffer Overflow
MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 service, overwriting memory and potentially gaining remote system access.
by Lance Biggerstaff
CVSS 9.8
SecurOS Enterprise 10.2 - Privilege Escalation
SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\ISS\SecurOS\ to insert malicious code that would execute with system-level permissions during service startup.
by Alberto Vargas
CVSS 7.8
Microsoft Windows Group Policy - Security Feature Bypass via Spoofed Domain-Controller Responses
The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability."
by Thomas Zuk
Microsoft Windows - Remote Code Execution via UNC Share Authentication Bypass
The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability."
by Thomas Zuk
WordPress Core 5.2.4 - Cross-Origin Resource Sharing
by Milad Khoshdel
rConfig 3.9.2 - OS Command Injection via ajaxServerSettingsChk.php rootUname Parameter
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
by Askar
CVSS 9.8
Part-DB 0.4 - Unauthenticated Authentication Bypass via SQL Injection
Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to log in by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to the application.
by Marvoloo
CVSS 7.5
Blue-Smiley-Organizer 1.32 - SQL Injection
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind techniques, or write files to the server using INTO OUTFILE statements.
by cakes
CVSS 8.2
ChaosPro 2.0 - Stack-based Buffer Overflow in Configuration File Path Handling
ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with a carefully constructed payload to overwrite memory and gain remote code execution on vulnerable Windows XP systems.
by SYANiDE
CVSS 9.8
JumpStart 0.6.0.0 - Unquoted Service Path Privilege Escalation via jswpbapi Service
JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions.
by Roberto Escamilla
CVSS 7.8
Intelbras WRN 150 1.0.18 - Cross-Site Request Forgery via Password Change
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.
by Prof. Joas Antonio
CVSS 6.5
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection
by cakes