Exploitdb Exploits
50,083 exploits tracked across all sources.
ThinkPHP < 3.2.4 - Remote Code Execution via Public Endpoint
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
by Yang Chenglong
CVSS 8.8
WordPress Plugin Cerber Security_ Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities
by ed0x21son
elFinder < 2.1.48 - OS Command Injection in PHP Connector
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
by q3rv0
CVSS 9.8
Craft CMS 3.1.12 Pro - Stored Cross-Site Scripting in Header Insertion Field
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.
by Ismail Tasdelen
CVSS 6.1
phpscheduleit Booked Scheduler <2.7.5 - RCE
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.
by AkkuS
CVSS 8.8
Bolt 3.6.4 - Cross-Site Scripting via Slug, Teaser, or Title Parameter
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.
by Ismail Tasdelen
CVSS 6.1
Raisecom ISCOM HT803G-U/-W/-1GE/GPON <2.0.0_140521_R4.1.47.002 - Co...
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below, The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device.
by JameelNabbo
CVSS 7.8
FiberHome AN5506-04-F RP2669 - Cross-Site Scripting
FiberHome an5506-04-f RP2669 devices have XSS.
by Tauco
CVSS 5.4
WordPress < 4.9.9 and 5.x < 5.0.1 - Authenticated Remote Code Execution via Image Metadata
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
by allyshka
CVSS 8.8
Cisco Webex Meetings < 33.6.6 Authenticated OS Command Injection via Update Service
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools. This vulnerability is fixed in Cisco Webex Meetings Desktop App Release 33.6.6 and 33.9.1 releases. This vulnerability is fixed in Cisco Webex Productivity Tools Release 33.0.7.
by SecureAuth
CVSS 7.8
WordPress <= 5.0.3 - Authenticated Path Traversal via Image Crop Filename
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
by allyshka
CVSS 6.5
tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads
by Google Security Research
Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost
by Google Security Research
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
by Google Security Research
Google Chrome < M72 - PaymentRequest Service Use-After-Free
by Google Security Research
Google Chrome < M72 - FileWriterImpl Use-After-Free
by Google Security Research
macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image
by Google Security Research
Linux Kernel 4.19-4.19.24 - Out-of-bounds Write in SNMP NAT Module
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.
by Google Security Research
CVSS 7.8
TransMac 12.3 Denial of Service via Volume Name Field
TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a malicious file with 1000 repeated characters, paste the content into the volume name field during disk image creation, and trigger an application crash.
by Alejandra Sánchez
CVSS 6.2
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
by Mr Winst0n
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
by Mr Winst0n
J2Store 3.3.0-3.3.6 - SQL Injection via product_option[] Parameter
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter.
by Andrei Conache
CVSS 9.8
By Source