Exploitdb Exploits
50,076 exploits tracked across all sources.
NSClient++ <0.5.2.35 - Privilege Escalation
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attacker can authenticate to the NSClient++ web interface (typically accessible on port 8443) and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM by registering a custom script, saving the configuration, and triggering it via the API.
This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions.
by bzyo
CVSS 7.8
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
by ElSoufiane
SmartBear ReadyAPI 2.5.0-2.6.0 - Remote Code Execution via WSDL Import
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
by Gilson Camelo
CVSS 8.8
iPhone OS < 12.1.4 and macOS < 10.14.3 - Out-of-bounds Write
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
by ZecOps
CVSS 7.8
LG SuperSign CMS - Remote Code Execution via sourceUri Parameter
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
by Alejandro Fanjul
CVSS 9.8
Blue Angel Software Suite - Info Disclosure
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.
by Paolo Serracino_ Pietro Minniti_ Damiano Proietti
CVSS 8.8
Blue Angel Software Suite - Command Injection
An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the ping_addr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can inject arbitrary commands by appending shell metacharacters to the ping_addr parameter in a crafted GET request to /cgi-bin/webctrl.cgi?action=pingtest_update. The command's output is reflected in the application's web interface, enabling attackers to view results directly. Default and backdoor credentials can be used to access the interface and exploit the issue. Successful exploitation results in arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.
by Paolo Serracino_ Pietro Minniti_ Damiano Proietti
CVSS 8.8
Microsoft Windows PowerShell ISE - Remote Code Execution
by hyp3rlinx
SolarWinds DameWare Mini Remote Control 10.0 - Buffer Overflow via Machine Name Size Field
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.
by Dino Barlattani
CVSS 7.5
Social Warfare and Social Warfare Pro < 3.5.3 - Stored Cross-Site Scripting via swp_debug Parameter
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
by hash3liZer
CVSS 6.1
Zotonic < 0.47.0 - Cross-Site Scripting in mod_admin
Zotonic before version 0.47 has mod_admin XSS.
by Ramòn Janssen
CVSS 4.8
Crestron Am-100 Firmware < 2.4.1.19 - OS Command Injection
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
by Jacob Baines
CVSS 9.8
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
by Metasploit
CVSS 9.8
CentOS-WebPanel.com <0.9.8.793,0.9.8.753,0.9.8.807 - XSS
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.
by DKM
CVSS 4.8
Free Float FTP 1.0 STOR Command Remote Buffer Overflow
Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command containing 247 bytes of padding followed by a return address and shellcode to trigger code execution on the FTP server.
by Kevin Randall
CVSS 9.8
SpotAuditor 5.2.6 Name Field Denial of Service
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash.
by Victor Mondragón
CVSS 6.2
Intelbras IWR 1000N 1.6.4 - Information Disclosure via v1/system/user Endpoint
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
by Social Engineering Neo
CVSS 9.8
domoticz < 4.10578 - Unauthenticated SQL Injection via idx Parameter in CWebServer::GetFloorplanImage
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp.
by Fabio Carretto
CVSS 9.8
Veeam ONE Reporter <9.5.0.3201 - XSS
Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx.
by Seyed Sadegh Khatami
CVSS 5.4
Veeam ONE Reporter <9.5.0.3201 - XSS
Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx.
by Seyed Sadegh Khatami
CVSS 5.4
Oracle WebLogic Server 10.3.6.0.0 and 12.1.3.0.0 - Unauthenticated Remote Code Execution via HTTP
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Avinash Kumar Thapa
CVSS 9.8
Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow
by Kevin Randall
Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow
by Kevin Randall
AIS logistic_software < 67 - Unauthenticated SQL Injection
SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user.
by Metasploit
CVSS 9.8
By Source