Exploitdb Exploits
50,076 exploits tracked across all sources.
pfSense 2.3.4-2.4.4-p3 - Remote Code Execution via pfsense.exec_php MethodCall
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
by Nassim Asrir
CVSS 8.8
iPhone OS < 12.4 - Out-of-bounds Read
An out-of-bounds read was addressed with improved input validation.
by Google Security Research
CVSS 9.8
Hisilicon HiIpcam V100R003 - Path Traversal
Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network configuration parameters including usernames, passwords, and DNS settings.
by Todor Donev
CVSS 7.5
InputMapper 1.6.10 - Buffer Overflow
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process it, causing the application to crash.
by elkoyote07
CVSS 5.5
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - Information Disclosure
A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
by Lazy Hacker
CVSS 5.3
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
by anonymous
CVSS 9.8
Gila CMS < 1.11.1 - Path Traversal and Local File Inclusion via Admin File Manager
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
by Sainadh Jamalpur
CVSS 4.9
iPhone OS < 12.3 - Use-After-Free
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.
by Umang Raghuvanshi
CVSS 7.8
SpotIE Internet Explorer Password Recovery 2.9.5 - DoS
SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during registration to trigger a buffer overflow and crash the application.
by Emilio Revelo
CVSS 6.2
Microsoft Windows 10 - 'WSReset' UAC Protection Bypass (propsys.dll)
by valen
LayerBB < 1.1.4 - Cross-Site Request Forgery via Admin General Settings
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
by 0xB9
CVSS 8.8
DIGIT CENTRIS ERP - Unauthenticated SQL Injection via datum1, datum2, KID, and PID Parameters
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these parameters to extract or modify sensitive database information.
by n1x_
CVSS 8.2
GOautodial 4.0 - Authenticated Stored Cross-Site Scripting via Event Title Parameter
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary JavaScript in victim browsers.
by cakes
CVSS 6.4
Western Digital WD My Book World - Auth Bypass
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me.
by Noman Riffat
CVSS 9.8
Counter-Strike: Global Offensive <1.37.1.1 - RCE/DoS
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.
by bi7s
CVSS 8.8
NetGain EM Plus 10.1.68 - Unauthenticated Remote Code Execution via script_test.jsp Content Parameter
NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content' parameter to execute code and retrieve command output.
by azams
CVSS 9.8
Verypdf docPrint Pro 8.0 - Buffer Overflow
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption.
by Connor McGarr
CVSS 8.4
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 - Unauthenticated 3DES Key Extraction via JUCI ACL Misconfiguration
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.
by Gerard Fuguet
CVSS 6.5
Notepad++ < 7.7 - Remote Code Execution or Denial of Service via Crafted .ml File
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
by Bogdan Kurinnoy
CVSS 7.8
Windows 10 1703-1903 and Windows Server 1803-2019 - Privilege Escalation via AppX Deployment Server Junction Handling
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.
by Gabor Seljan
CVSS 7.8
CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection
by cakes
Symantec Advanced Secure Gateway and ProxySG - Unrestricted File Upload via Management Console
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
by Pankaj Kumar Thakur
CVSS 6.8
By Source