Exploitdb Exploits
49,983 exploits tracked across all sources.
CyberPanel 1.8.4 - Cross-Site Request Forgery
by Bilgi Birikim Sistemleri
Linux Mint 18.3-19.1 - 'yelp' Command Injection (Metasploit)
by b1ack0wl
LibreNMS - OS Command Injection
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
by Askar
CVSS 9.8
Mozilla Firefox < 60.7.1 - Type Confusion
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
by Google Security Research
CVSS 8.8
Nagios XI - OS Command Injection
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
by Metasploit
CVSS 7.8
SAPIDO RB-1732 V2.0.43 - RCE
SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges.
by k1nm3n.aotoi
CVSS 9.8
Supermicro Superdoctor 5 - Missing Authentication
Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE.
by Simon Gurney
CVSS 9.8
Hidea AZ Admin - SQL Injection
hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection.
by felipe andrian
CVSS 9.8
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
by m0ze
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
by XORcat
BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal
by Aaron Bishop
GSearch 1.0.1.0 Denial of Service via Search Input
GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an application crash.
by 0xB9
CVSS 5.5
Windows - Privilege Escalation
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.
The update addresses the vulnerability by correcting how Windows handles calls to ALPC.
by Google Security Research
CVSS 7.8
Windows Common Log File System - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.
The security update addresses the vulnerability by correcting how CLFS handles objects in memory.
by Google Security Research
CVSS 7.0
SeedDMS < 5.1.11 - Unrestricted File Upload
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
by Nimit Jain
CVSS 7.5
SeedDMS < 5.1.11 - XSS
out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.
by Nimit Jain
CVSS 5.4
SeedDMS - XSS
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name.
by Nimit Jain
CVSS 6.1
Origin 10.5.36 - RCE
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.
by Metin Yunus Kandemir
CVSS 7.8
GrandNode 4.40 - Path Traversal
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
by Corey Robinson
CVSS 7.5
Electronic Arts Origin <10.5.39 - Code Injection
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.
by Dominik Penner
CVSS 8.8
TuneClone 2.20 Structured Exception Handler Buffer Overflow
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget, then paste it into the license code field to trigger code execution and establish a bind shell.
by Achilles
CVSS 8.4
webERP - SQL Injection
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
by Semen Alexandrovich Lyhin
CVSS 9.8
Cisco Prime Infrastructure/EPN Manager - RCE
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
by Metasploit
CVSS 8.8
Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)
by Metasploit