Exploitdb Exploits
50,076 exploits tracked across all sources.
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
by Mr Winst0n
HumHub 1.3.12 - Stored Cross-Site Scripting via POST Request to Index View
A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request.
by Kağan EĞLENCE
CVSS 6.1
pimcore < 5.7.1 - Authenticated Remote Code Execution via Unserialize in Bulk-Commit Endpoint
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.
by Metasploit
CVSS 8.8
Domoticz <4.10579 - Info Disclosure
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
by Fabio Carretto
CVSS 7.5
Linux kernel <5.0.10 - Info Disclosure
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
by Google Security Research
CVSS 7.0
Spring Cloud Config < 1.4.6 - Path Traversal via Crafted URL
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
by Dhiraj Mishra
CVSS 6.5
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
by Social Engineering Neo
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery via v1/system/user
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.
by Social Engineering Neo
CVSS 8.8
Intelbras IWR 3000N 1.5.0 - Denial of Service via Malformed Login Request
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
by Social Engineering Neo
CVSS 7.5
Veeam ONE Reporter <9.5.0.3201 - CSRF
Veeam ONE Reporter 9.5.0.3201 allows CSRF.
by Seyed Sadegh Khatami
CVSS 8.8
NSauditor 3.1.2.0 Denial of Service via Community Field
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function to cause a denial of service condition.
by Victor Mondragón
CVSS 6.2
NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)
by Victor Mondragón
NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)
by Victor Mondragón
systemd < 242 - Privilege Escalation via DynamicUser SUID Binary Execution
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
by Google Security Research
CVSS 7.8
Apache Pluto Chat Room Demo 3.0.0-3.0.1 - Cross-Site Scripting
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file
by Dhiraj Mishra
CVSS 6.1
AnMing MP3 CD Burner 2.0 Local Denial of Service
AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.
by Achilles
CVSS 6.2
Lavavo CD Ripper 4.20 Local SEH Buffer Overflow
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can craft a payload with controlled buffer data, NSEH jump instructions, and SEH handler addresses to trigger code execution and establish a bind shell on port 3110.
by Achilles
CVSS 8.4
Backup Key Recovery 2.2.4 Denial of Service via Name Field
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form.
by Victor Mondragón
CVSS 6.2
HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trigger an application crash.
by Victor Mondragón
CVSS 6.2
WinRAR <= 5.61 - Path Traversal and Remote Code Execution via ACE Filename Field
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
by Metasploit
CVSS 7.8
osTicket < 1.12 - Cross-Site Scripting via User Importer CSV File Upload
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion.
by AkkuS
CVSS 6.1
JioFi 4G M2S 1.0.2 - Cross-Site Scripting via mask POST Parameter
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.
by Vikas Chaudhary
CVSS 6.1
By Source