Exploitdb Exploits
49,989 exploits tracked across all sources.
CMSMS <2.2.10 - Info Disclosure
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
by Daniele Scanu
CVSS 6.5
Netdata <1.13.0 - XSS
The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot
by s4vitar
CVSS 6.1
Pegasus CMS 1.0 Remote Code Execution via extra_fields.php
Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the action parameter to achieve code execution and obtain an interactive shell.
by R3zk0n
CVSS 9.8
FTPGetter Standard <5.97.0.177 - RCE
FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption.
by w4fz5uck5
CVSS 9.8
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
by LiquidWorm
Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution
by sud0woodo
Apache Tika <1.18 - Command Injection
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
by Rhino Security Labs
CVSS 8.1
Microsoft Internet Explorer - Command Injection
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.
by Eduardo Braun Prado
CVSS 8.8
Microsoft Windows - '.reg' File / Dialog Box Message Spoofing
by hyp3rlinx
Core FTP <2.0 Build 674 - Path Traversal
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.
by Kevin Randall
CVSS 5.3
Core FTP <2.0 Build 674 - Info Disclosure
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date.
by Kevin Randall
CVSS 5.3
WordPress Media Player 1.0 - Local File Inclusion
The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter.
by Manuel García Cárdenas
CVSS 9.8
Netgate Haproxy < 0.59_16 - XSS
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
by Gionathan Reale
CVSS 6.1
Std42 Elfinder < 2.1.48 - OS Command Injection
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
by Metasploit
CVSS 9.8
Core FTP 2.0 build 653 PBSZ Unauthenticated Denial of Service
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigger an access violation and crash the FTP server process.
by Hodorsec
CVSS 7.5
PilusCart 1.4.1 - CSRF
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.
by Gionathan Reale
CVSS 8.8
Paessler Prtg Network Monitor < 18.2.39 - OS Command Injection
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
by M4LV0
CVSS 7.2
NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode)
by Devin Casadey
Flowpaper Flexpaper < 2.3.6 - Improper Input Validation
The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php.
by redtimmysec
CVSS 9.8
Liferay Portal CE 7.1.2 GA3 - Command Injection
An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw
by AkkuS
CVSS 7.2
Linux Kernel < 4.6 - Information Disclosure
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
by wally0813
CVSS 5.5
OpenKM 6.3.2-6.3.7 - RCE
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin's Export field. As a result, attackers can gain remote code execution through the application server with root privileges.
by AkkuS
CVSS 7.2
OrientDB 3.0.17 - XSS
OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
By Source