Exploitdb Exploits
49,996 exploits tracked across all sources.
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal
Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated directory traversal, which can be exploited by issuing a specially crafted HTTP GET request.
by Dhiraj Mishra
CVSS 7.5
CGit <1.2.1 - Path Traversal
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
by Dhiraj Mishra
CVSS 7.5
ChinaMobile GPN2.4P21-C-CN W2001EN-00 - Unauthenticated RCE
ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. The impact is: PLC Wireless Routers are vulnerable to an unauthenticated remote reboot due. The component is: Reboot settings are available to unauthenticated users instead of only authenticated users. The attack vector is: Remote.
by Chris Rose
CVSS 7.5
IBM Sterling B2B Integrator < 5.2.6 - XSS
IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551.
by Vikas Khanna
CVSS 5.4
Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow
by Shubham Singh
Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)
by Shubham Singh
Oracle WebLogic Server <12.2.1.3 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Metasploit
CVSS 9.8
Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution
by hyp3rlinx
Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)
by Javier Enrique Rodriguez Gutierrez
IBM Sterling B2B Integrator < 5.2.6.3 - XSS
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142967.
by Vikas Khanna
CVSS 5.4
PostgreSQL - Privilege Escalation
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
by Johannes Segitz
CVSS 7.3
Google Android - Path Traversal
In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-6.0, Android-6.0.1, Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1. Android ID: A-80436257.
by Google Security Research
CVSS 6.8
MyBB Like Plugin 3.0.0 Cross-Site Scripting via User Profiles
MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile, where liked posts are displayed without sanitization.
by 0xB9
CVSS 6.1
iSmartViewPro 1.5 - 'Password' Buffer Overflow
by Javier Enrique Rodriguez Gutierrez
Synacor Zimbra Collaboration Suite < 8.6.0 - XSS
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609.
by Dino Barlattani
CVSS 6.1
Eldenroot Thank You/Like <3.1.0 - XSS
inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject.
by 0xB9
CVSS 6.1
Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)
by Omid Shojaei
reSIProcate <1.10.2 - Buffer Overflow
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.
by Joachim De Zutter
CVSS 9.8
Linux Kernel < 4.14.8 - Out-of-Bounds Read
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
by Andrey Konovalov
CVSS 5.5
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
by Wadeek
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
by Wadeek
Ericsson-LG iPECS NMS 30M - Path Traversal
Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs.
by Safak Aslan
CVSS 7.5
iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow
by Rodrigo Eduardo Rodriguez