Exploitdb Exploits

49,983 exploits tracked across all sources.

CVE-2014-9415 EXPLOITDB python
Huawei eSpace Desktop <V100R001C03 - DoS
Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file.
by LiquidWorm
CVE-2014-9417 EXPLOITDB text
Huawei eSpace Desktop <V100R001C03 - DoS
The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image.
by LiquidWorm
CVE-2014-9418 EXPLOITDB text
Huawei eSpace Desktop <V200R001C03 - DoS
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.
by LiquidWorm
EIP-2026-115161 EXPLOITDB python
docPrint Pro 8.0 - Denial of Service (PoC)
by Alejandra Sánchez
EIP-2026-114829 EXPLOITDB python
AbsoluteTelnet 10.16 - 'License name' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-114735 EXPLOITDB c
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
by Marco Ivaldi
EIP-2026-114734 EXPLOITDB c
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
by Marco Ivaldi
EIP-2026-114728 EXPLOITDB c
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (1)
by Marco Ivaldi
CVE-2019-12185 EXPLOITDB HIGH python
eLabFTW 1.8.5 - Command Injection
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
by liquidsky
CVSS 8.8
CVE-2019-11231 EXPLOITDB CRITICAL ruby VERIFIED
Get-simple Getsimple Cms < 3.3.15 - Path Traversal
An issue was discovered in GetSimple CMS through 3.3.15. Insufficient input sanitization in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HTTP Server by default no longer enables the AllowOverride directive, leading to data/users/admin.xml password exposure. The passwords are hashed but this can be bypassed by starting with the data/other/authorization.xml API key. This allows one to target the session state, since they decided to roll their own implementation. The cookie_name is crafted information that can be leaked from the frontend (site name and version). If someone leaks the API key and the admin username, then they can bypass authentication. To do so, they need to supply a cookie based on an SHA-1 computation of this known information. The vulnerability exists in the admin/theme-edit.php file. This file checks for form submissions via POST requests, and for the CSRF nonce. If the nonce sent is correct, then the file provided by the user is uploaded. There is a path traversal allowing write access outside the jailed themes directory root. Exploiting the traversal is not necessary because the .htaccess file is ignored. A contributing factor is that there isn't another check on the extension before saving the file, with the assumption that the parameter content is safe. This allows the creation of web-accessible and executable files with arbitrary content.
by Metasploit
CVSS 9.8
CVE-2019-25608 EXPLOITDB HIGH text VERIFIED
Iperius Backup 6.1.0 Privilege Escalation via Backup Job
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution.
by bzyo
CVSS 8.4
CVE-2019-25553 EXPLOITDB MEDIUM python
CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image
CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25552 EXPLOITDB HIGH python
CEWE PHOTO SHOW 6.4.3 Denial of Service via Password Field
CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload process to trigger an application crash.
by Alejandra Sánchez
CVSS 7.5
CVE-2019-25551 EXPLOITDB MEDIUM python
Sandboxie 5.30 Denial of Service via Program Alerts Buffer Overflow
Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' field during program alert configuration to trigger an application crash.
by Alejandra Sánchez
CVSS 6.2
CVE-2018-19550 EXPLOITDB HIGH text
Interspire Email Marketer <6.1.6 - File Upload
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under an admin/temp/surveys/ URI.
by numan türle
CVSS 8.8
CVE-2019-1821 EXPLOITDB HIGH python VERIFIED
Cisco Prime Infrastructure/EPN Manager - RCE
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
by mr_me
CVSS 8.8
CVE-2019-25590 EXPLOITDB MEDIUM python
Axessh 4.2 Denial of Service via Log File Name
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection.
by Victor Mondragón
CVSS 6.2
CVE-2019-25609 EXPLOITDB HIGH python
JetAudio jetCast Server 2.0 Local SEH Buffer Overflow
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges.
by Connor McGarr
CVSS 8.4
CVE-2019-25607 EXPLOITDB HIGH python
Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.
by Victor Mondragón
CVSS 8.4
CVE-2019-25589 EXPLOITDB MEDIUM python
ZOC Terminal 7.23.4 Buffer Overflow Denial of Service
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when accessing the Command Shell feature.
by Victor Mondragón
CVSS 6.2
CVE-2019-5526 EXPLOITDB HIGH text VERIFIED
Vmware Workstation < 15.1.0 - Uncontrolled Search Path
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows host where Workstation is installed.
by Miguel Mendez Z. & Claudio Cortes C.
CVSS 7.8
EIP-2026-116657 EXPLOITDB python
ZOC Terminal v7.23.4 - 'Private key file' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-116656 EXPLOITDB python
ZOC Terminal v7.23.4 - 'Private key file' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-116653 EXPLOITDB python
ZOC Terminal 7.23.4 - 'Script' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-116652 EXPLOITDB python
ZOC Terminal 7.23.4 - 'Script' Denial of Service (PoC)
by Victor Mondragón