Exploitdb Exploits
50,076 exploits tracked across all sources.
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
by Sarath Nair
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
by Google Security Research
CVSS 7.8
R 3.4.4 Windows x64 - Buffer Overflow
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler chain pivot and execute arbitrary shellcode with application privileges.
by blackleitus
CVSS 6.2
Windows AppX Deployment Service - Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
by Metasploit
CVSS 7.8
SolarWinds DameWare Mini Remote Control < 12.1 - Buffer Overflow
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.
by Xavi Beltran
CVSS 7.8
Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection
by hyp3rlinx
Webpanel - Information Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
by Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Narin Boonwasanarak
CVSS 5.3
Webpanel - Unrestricted File Upload
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
by Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Narin Boonwasanarak
CVSS 7.5
CentOS Web Panel 0.9.8.838-0.9.8.846 - Auth Bypass
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.
by Pongtorn Angsuchotmetee
CVSS 8.8
Laravel Framework < 5.5.40 and 5.6.x < 5.6.30 - Remote Code Execution via Unserialize of X-XSRF-TOKEN
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
by Metasploit
CVSS 8.1
Streamripper 2.6 - 'Song Pattern' Buffer Overflow
by Andrey Stoykov
Streamripper 2.6 - 'Song Pattern' Buffer Overflow
by Andrey Stoykov
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by RAMELLA Sebastien
CVSS 9.8
FlightPath 4.x-5.0.x - Path Traversal and Local File Inclusion via form_include Parameter
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.
by Mohammed Althibyani
CVSS 5.3
Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
by Wadeek
Cisco Small Business 200, 300, and 500 Series Switches - Unauthenticated Open Redirect via HTTP Request Parameter
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.
by Ramikan
CVSS 4.7
Android 7.0-9 - Out-of-bounds Write in ihevcd_parse_pps
In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130024844.
by Marcin Kozlowski
CVSS 8.8
Windows - Security Feature Bypass via NETLOGON Message Session Key Exposure
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.
To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges.
The issue has been addressed by changing how NTLM validates network authentication messages.
by Google Security Research
CVSS 8.5
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData
by Google Security Research
MyT 1.5.1 Username - Cross-Site Scripting
In MyT 1.5.1, the User[username] parameter has XSS.
by Metin Yunus Kandemir
CVSS 6.1
Xymon 4.1.x-4.3.x - Authenticated Command Injection via adduser_name Argument
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.
by Metasploit
CVSS 8.8
Sahi Pro 8.0.0 - Unauthenticated Remote Code Execution via Player_setScriptFile
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.
by AkkuS
CVSS 9.8
Jenkins Dependency Graph Viewer Plugin < 0.13 - Stored Cross-Site Scripting
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
by Ishaq Mohammed
CVSS 5.4
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
by ABDO10
Citrix SD-WAN 10.2.0-10.2.2 and NetScaler SD-WAN 10.0.0-10.0.7 - OS Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
by Chris Lyne
CVSS 8.8
By Source