Exploitdb Exploits
50,076 exploits tracked across all sources.
IBM BigFix Platform 9.5.0-9.5.10 - Authenticated Arbitrary File Upload and Remote Code Execution
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.
by Jakub Palaczynski
CVSS 9.0
LabCollector 5.423 - Unauthenticated SQL Injection via login.php or retrieve_password.php Parameters
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication.
by Carlos Avila
CVSS 7.5
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
by Google Security Research
CVSS 7.8
Anchor CMS < 0.12.7 - Sensitive Information Exposure via Error Log
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.
by Tijme Gommers
CVSS 9.8
mintinstall 7.9.9 - Remote Code Execution via Untrusted REVIEWS_CACHE Deserialization
mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports.
by İbrahim Hakan Şeker
CVSS 7.8
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.
by Metasploit
CVSS 8.1
DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)
by Xavi Beltran
DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)
by Xavi Beltran
DotNetNuke < 9.4.0 - Stored Cross-Site Scripting in Admin Notification Page
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.
by MaYaSeVeN
CVSS 6.1
WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads
by Google Security Research
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
by Google Security Research
WebKit - Universal XSS Using Cached Pages
by Google Security Research
WebKit - Universal XSS in WebCore::command
by Google Security Research
thesystem 1.0 - Unauthenticated OS Command Injection via run_command Endpoint
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication.
by Sadik Cetin
CVSS 9.8
thesystem 1.0 - Stored Cross-Site Scripting via Operating System Parameter
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers.
by Anıl Baran Yelken
CVSS 6.4
ARforms 3.7.1 - Unauthenticated Arbitrary File Deletion via arf_delete_file
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.
by Ahmad Almorabea
CVSS 7.5
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
by r00tpgp
CVSS 9.8
phpipam < 1.4 - SQL Injection via Custom Fields Filter Table Parameter
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
by Kevin Kirsche
CVSS 9.8
Embedthis GoAhead 2.5.0 - Info Disclosure
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.
by Ramikan
CVSS 8.6
Cisco Small Business 220 Series Smart Switches < 1.1.4.4 - Authenticated Command Injection via Web Management Interface
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user.
by bashis
CVSS 7.2
By Source