Exploitdb Exploits
50,095 exploits tracked across all sources.
Android 8.0-9.0 - Incorrect Authorization in SELinux crash_dump.te Permissions
In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376.
by Google Security Research
CVSS 7.8
Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH
Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the Help > Register dialog to trigger a reverse shell with system privileges.
by Shubham Singh
CVSS 8.4
Socusoft 3GP Photo Slideshow 8.05 Buffer Overflow SEH
Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration Key fields to overwrite the SEH chain and execute shellcode for reverse shell access.
by Shubham Singh
CVSS 8.4
SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow SEH
SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft malicious input in the Registration Name and Registration Key fields to trigger a stack-based buffer overflow and execute a reverse shell payload.
by Shubham Singh
CVSS 8.4
Nmap 7.70 Denial of Service via XML Entity Expansion
Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import functionality to cause the program to consume excessive system resources and crash.
by Gionathan Reale
CVSS 6.2
LINK-NET LW-N605R Firmware 12.20.2.1486 - Authenticated Remote Code Execution via Ping HOST Field
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
by Nassim Asrir
CVSS 8.8
Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)
by Shubham Singh
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
by hyp3rlinx
Apache Struts 2 Namespace Redirect OGNL Injection
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
by Metasploit
CVSS 8.1
Artifex Ghostscript <9.24 - Privilege Escalation
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
by Metasploit
CVSS 7.8
Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal
Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.
by Carlos Avila
CVSS 7.5
DVD Photo Slideshow Professional 8.07 Buffer Overflow SEH
SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with carefully constructed payload containing junk bytes, SEH chain overwrite, and shellcode, then paste the contents into the Registration Name field via Help > Register to trigger code execution.
by T3jv1l
CVSS 8.4
MedDream PACS Server Premium 6.7.1.1 SQL Injection via email
MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field to extract sensitive database information from the backend MySQL database.
by Carlos Avila
CVSS 8.2
iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter
iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to overwrite SEH records and execute shellcode with application privileges.
by Gionathan Reale
CVSS 8.4
Tenable WAS-Scanner 7.4.1708 - Remote Command Execution
by Sameer Goyal
QNAP Photo Station <= 5.7.0 - Cross-Site Scripting
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application.
by Mitsuaki Shiraishi
CVSS 6.1
NovaRad NovaPACS Diagnostics Viewer <8.5.19.75 - XXE Injection
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack.
by LiquidWorm
CVSS 9.8
Cisco Umbrella Enterprise Roaming Client < 2.1.118 - Improper Privilege Management
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.
by ParagonSec
CVSS 7.8
Cisco Umbrella Enterprise Roaming Client < 2.1.127 Privilege Escalation via File Permission Bypass
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.
by ParagonSec
CVSS 7.8
Jorani 0.6.5 - Stored Cross-Site Scripting via Language Parameter
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.
by Javier Olmedo
CVSS 5.4
Jorani 0.6.5 - SQL Injection via Startdate or Enddate Parameter
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.
by Javier Olmedo
CVSS 5.4
Apache Roller - XML External Entity Injection
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
by Marko Jokic
CVSS 9.8
Endress+Hauser WirelessHART Fieldgate SWG70 3.x - Path Traversal via fcgi-bin/wgsetcgi filename Parameter
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.
by Hamit CİBO
CVSS 5.3
By Source