Exploitdb Exploits
49,996 exploits tracked across all sources.
iSmartViewPro 1.5 - 'Account' Buffer Overflow
by Alan Joaquín Baeza Meza
Osticket - Unrestricted File Upload
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.
by Rajwinder Singh
CVSS 9.8
TP-Link Wireless N Router WR840N - Denial of Service (PoC)
by Aniket Dinda
OpenEMR <5.0.1.4 - Command Injection
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.
by Cody Zacharias
CVSS 8.8
QNap QVR Client 5.0.3.23100 - Denial of Service (PoC)
by Rodrigo Eduardo Rodriguez
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR & DEP Bypass)
by Manoj Ahuje
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)
by Nainsi Gupta
CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)
by Manoj Ahuje
Open-Audit Community 2.2.6 - XSS
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.
by Ranjeet Jaiswal
CVSS 6.1
Subrion CMS 4.2.1 - XSS
uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
by Zeel Chavda
CVSS 6.1
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
by r3m0t3nu11
Wavemaker Wavemarker Studio - SSRF
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
by Gionathan Reale
CVSS 9.6
LAMS <3.1 - XSS
There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change.
by Nikola Kojic
CVSS 6.1
Sitecore.net - Path Traversal
An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file= URI. Validation is performed to ensure that the text passed to the 'file' parameter correlates to the correct log file directory. This filter can be bypassed by including a valid log filename and then appending a traditional 'dot dot' style attack.
by Chris
CVSS 7.5
Fortinet Forticlient < 5.2.3 - Information Disclosure
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call.
by sickness & mschenk
Fortinet FortiClient <5.2.4 - RCE
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
by sickness & mschenk
Vuze Bittorrent Client - XXE
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Vuze, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
by Chris Moberly
CVSS 9.8
Plex Media Server - XXE
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Plex, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
by Chris Moberly
CVSS 9.8
PHP Template Store Script 3.0.6 - XSS
PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile.
by Sarafraz Khan
CVSS 5.4
Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.
by Metasploit
CVSS 7.0
cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal
by Google Security Research
Imperva SecureSphere <13.0-11.5 - Privilege Escalation
Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation.
by 0x09AL
CVSS 8.8
By Source