Exploitdb Exploits
50,076 exploits tracked across all sources.
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting
by cakes
PHP 7.1.x < 7.1.33, 7.2.x < 7.2.24, 7.3.x < 7.3.11 - Remote Code Execution via FPM Buffer Overflow
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
by Emil Lerner
CVSS 8.7
WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed
by Google Security Research
ClonOS WEB control panel 19.09 - RCE
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.
by İbrahim Hakan Şeker
CVSS 9.8
WordPress Sliced Invoices 3.8.2 SQL Injection via post Parameter
WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicate_quote_invoice and malicious 'post' values to extract sensitive database information or modify data.
by Lucian Ioan Nitescu
CVSS 7.1
AUO SunVeillance Monitoring System < 1.1.9e - SQL Injection via mvc_send_mail.aspx MailAdd Parameter
AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters.
by Luca.Chiou
CVSS 7.5
AUO SunVeillance Monitoring System < 1.1.9e - Unauthenticated Unrestricted File Upload via Picture_Manage_mvc.aspx
An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter.
by Luca.Chiou
CVSS 9.8
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
by Metasploit
CVSS 7.8
IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path
by Sainadh Jamalpur
Joomla! 3.4.6 - Remote Code Execution (Metasploit)
by Alessandro Groppo
Rocket.Chat < 2.1.0 - Cross-Site Scripting via Markdown Image URL
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.
by 3H34N
CVSS 6.1
Total.js CMS 12.0.0 - Authenticated RCE
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>
by Metasploit
CVSS 9.9
Moxa EDR-810 Firmware <= 5.1 - Authenticated Remote Code Execution via Ping Feature
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
by RandoriSec
CVSS 7.2
Trend Micro ATTK <1.62.0.1218 - RCE
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
by hyp3rlinx
CVSS 7.8
Adobe Acrobat and Reader DC < 15.006.30504, 15.008.20082-19.021.20047 - Heap Overflow
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .
by Google Security Research
CVSS 9.8
Oracle Solaris 11 - Privilege Escalation in XScreenSaver
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
by Marco Ivaldi
CVSS 8.8
WordPress Soliloquy Lite 2.5.6 Persistent Cross-Site Scripting
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the post_title parameter, which are stored and executed when users preview the post.
by Unk9vvN
CVSS 5.4
WordPress Popup Builder 3.49 Persistent Cross-Site Scripting
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads in the post_title field that execute when pages or posts display popup selections.
by Unk9vvN
CVSS 5.4
WorkgroupMail 7.5.1 - Code Injection
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by cakes
CVSS 7.8
BlackMoon FTP Server 3.1.2.1731 - Privilege Escalation
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSystem account permissions during service startup.
by Debashis Pal
CVSS 7.8
ThinVNC 1.0b1 - Path Traversal and Arbitrary File Read via ThinVnc.ini
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
by Nikhith Tumamlapalli
CVSS 9.8
Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path
by Debashis Pal
By Source