Exploitdb Exploits
50,076 exploits tracked across all sources.
CRUDLab WP Like Button <= 1.6.0 - Unauthenticated Settings Update via contains() Function
An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter.
by Benjamin Lim
CVSS 5.3
Karenderia Multiple Restaurant System 5.3 - SQL Injection
by Mehmet EMIROGLU
Apache-SSL < 1.3.22+1.46 and mod_ssl < 2.8.7-1.3.23 - Remote Code Execution via Large Client Certificate
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
by Brian Peters
Microsoft Exchange Server 2000 SP3, 2003 SP1-SP2, 2007 - Remote Code Execution via Base64 MIME Decoding
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
by Charles Truscott
Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
by Mehmet EMIROGLU
Apache Tomcat 7.0.0-7.0.93, 8.5.0-8.5.39, 9.0.0.M1-9.0.17 - Remote Code Execution via CGI Servlet
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
by Metasploit
CVSS 8.1
Symantec Data Loss Prevention 15.5 MP1 and prior - Cross-Site Scripting
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
by Chapman Schleiss
CVSS 4.8
Serv-U FTP Server prepareinstallation Privilege Escalation
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
by Metasploit
CVSS 8.8
Centreon 18.x < 18.10.6, 19.x < 19.04.3 - Authenticated Remote Code Execution via Monitoring Engine Binary Configuration
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).
by Askar
CVSS 8.8
Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands.
by Metasploit
CVSS 7.8
Varient 1.6.1 - Unauthenticated SQL Injection via user_id Parameter
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. Attackers can submit POST requests with crafted SQL payloads in the user_id field to bypass authentication and extract sensitive database information.
by Mehmet EMIROGLU
CVSS 8.2
iWT FaceSentry Access Control System 6.4.8 - Authenticated OS Command Injection via strInIP Parameter
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script.
by LiquidWorm
CVSS 8.8
FaceSentry 6.4.8 - Command Injection
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort' parameters.
by LiquidWorm
CVSS 8.8
FaceSentry Access Control System 6.4.8 - CSRF
FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by tricking authenticated users into loading a specially crafted webpage.
by LiquidWorm
CVSS 4.3
FaceSentry Access Control System <6.4.8 - Privilege Escalation
FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.
by LiquidWorm
CVSS 9.8
ZoneMinder 1.32.3 - Stored Cross-Site Scripting in Filters Page Name Field
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
by Joey Lane
CVSS 5.4
CyberPower PowerPanel Business Edition 3.4.0 - Stored Cross-Site Scripting in SNMP Trap Receivers Form
A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/action_recipient Event Action/Recipient page, the embedded code will be executed in the browser of the victim.
by Joey Lane
CVSS 5.4
SAP Crystal Reports for Visual Studio - Cleartext Storage of Sensitive Database Credentials
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.
by Mohamed M.Fouad
CVSS 9.8
Sahi Pro 8.0.0 - Path Traversal and File Inclusion via Script Parameter
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion.
by Operat0r
CVSS 7.5
CyberPanel 1.8.4 - Cross-Site Request Forgery
by Bilgi Birikim Sistemleri
Linux Mint 18.3-19.1 - 'yelp' Command Injection (Metasploit)
by b1ack0wl
LibreNMS 1.46 - OS Command Injection via $_POST['community'] Parameter
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
by Askar
CVSS 9.8
Firefox < 60.7.1, < 67.0.3 and Thunderbird < 60.7.2 - Type Confusion via Array.pop
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
by Google Security Research
CVSS 8.8
By Source