Exploitdb Exploits
50,083 exploits tracked across all sources.
PilusCart 1.4.1 SQL Injection via send Parameter
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to extract sensitive database information.
by Mehmet EMIROGLU
CVSS 8.2
NetworkSleuth 3.0 - 'Name' Denial of Service (PoC)
by Alejandra Sánchez
NetworkSleuth 3.0 - 'Name' Denial of Service (PoC)
by Alejandra Sánchez
Rukovoditel < 2.4.1 - Cross-Site Scripting via URL Without Login Module
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
by Mehmet EMIROGLU
CVSS 6.1
macOS < 10.13.5 - Memory Corruption in Windows Server Component
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Windows Server" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Synacktiv
CVSS 7.8
Canonical snapd <2.37.1 - Command Injection
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
by Chris Moberly
CVSS 9.8
Canonical snapd <2.37.1 - Command Injection
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
by Chris Moberly
CVSS 9.8
Docker Container Escape Via runC Overwrite
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
by embargo
CVSS 8.6
OPNsense 19.1 - Reflected Cross-Site Scripting via system_advanced_sysctl.php Value Parameter
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the context of authenticated user sessions.
by Ozer Goker
CVSS 5.4
OPNsense 19.1 - Unauthenticated Reflected Cross-Site Scripting via Proxy Endpoint ignoreLogACL Parameter
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogACL parameter to execute arbitrary scripts in users' browsers.
by Ozer Goker
CVSS 6.1
OPNsense 19.1 - Unauthenticated Reflected Cross-Site Scripting via Monit Interface Mailserver Parameter
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver parameter to execute arbitrary code in users' browsers.
by Ozer Goker
CVSS 6.1
OPNsense 19.1 - Reflected Cross-Site Scripting via vpn_ipsec_settings.php passthrough_networks Parameter
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. Attackers can craft POST requests with JavaScript payloads in the passthrough_networks parameter to execute arbitrary code in users' browsers.
by Ozer Goker
CVSS 6.1
OPNsense 19.1 - Authenticated Stored Cross-Site Scripting via Firewall Rules Category Parameter
OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute arbitrary JavaScript in the browsers of other users accessing firewall rule pages.
by Ozer Goker
CVSS 6.4
OPNsense 19.1 - Unauthenticated Reflected Cross-Site Scripting via diag_traceroute.php Host Parameter
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diag_traceroute.php to execute arbitrary JavaScript in the context of a user's browser session.
by Ozer Goker
CVSS 6.1
OPNsense 19.1 - Reflected Cross-Site Scripting via interfaces_vlan_edit.php Parameters
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script payloads in the tag, descr, or vlanif parameters to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
OPNsense 19.1 - Stored Cross-Site Scripting via System Advanced Sysctl Tunable Parameter
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context of authenticated user sessions when the page is viewed.
by Ozer Goker
CVSS 6.4
OPNsense 19.1 - Cross-Site Scripting via diag_backup.php Parameters
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud_password, Nextcloud_password_encryption, and Nextcloud_backupdir. Attackers can submit POST requests with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated administrator sessions.
by Ozer Goker
CVSS 5.4
OPNsense 19.1 - Unauthenticated Reflected Cross-Site Scripting via diag_ping.php Host Parameter
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diag_ping.php endpoint with script payloads in the host parameter to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
Docker Container Escape Via runC Overwrite
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
by feexd
CVSS 8.6
BlogEngine.NET < 3.3.6.0 - Unauthenticated Path Traversal and Local File Inclusion via PostList.ascx.cs
An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user.
by Dustin Cobb
CVSS 9.8
Shenzhen Skyworth DT741 - DoS/Remote Code Execution
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.
by Kaustubh G. Padwad
CVSS 9.8
Android - Use-After-Free in binder.c
In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025789.
by Google Security Research
CVSS 7.8
Android - Use-After-Free in Binder Allocator
In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.
by Google Security Research
CVSS 7.8
By Source