Exploitdb Exploits
49,996 exploits tracked across all sources.
QNAP Q'center Virtual Appliance <1.7.1063 - Info Disclosure
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
by Metasploit
CVSS 8.8
Microhard Systems IPn4G 1.1.0 - Authenticated RCE
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.
by LiquidWorm
CVSS 8.8
Microhard Systems IPn4G 1.1.0 - Privilege Escalation
Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.
by LiquidWorm
CVSS 7.5
Microhard Systems IPn4G 1.1.0 - Privilege Escalation
Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.
by LiquidWorm
CVSS 8.1
Microhard Systems IPn4G 1.1.0 - Info Disclosure
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.
by LiquidWorm
CVSS 6.5
Microhard Systems IPn4G 1.1.0 - Auth Bypass
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.
by LiquidWorm
CVSS 8.4
Microhard Systems IPn4G 1.1.0 - Privilege Escalation
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges.
by LiquidWorm
CVSS 8.8
Nanopool Claymore Dual Miner <7.3 - RCE
Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled.
by Metasploit
CVSS 7.5
Qnap Q'center < 1.7.1063 - OS Command Injection
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
by Metasploit
CVSS 7.2
Microsoft Enterprise Mode Site List Manager - XML External Entity Injection
by hyp3rlinx
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting
by Berk Dusunur
PrestaShop <1.6.1.20 & <1.7.3.4 - Info Disclosure
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
by Charles Fol
CVSS 9.1
PrestaShop <1.6.1.20 & <1.7.3.4 - Info Disclosure
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
by Charles Fol
CVSS 9.1
macOS/iOS - JavaScript Injection Bug in OfficeImporter
by Google Security Research
Linux Kernel < 3.16 - Improper Privilege Management
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
by Google Security Research
CVSS 7.8
Fortify SSC <18.1 - SSRF
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
by alt3kx
CVSS 9.8
VelotiSmart WiFi B-380 - Path Traversal
The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80.
by Miguel Mendez Z
CVSS 9.8
Zeta-producer Zeta Producer < 14.2.1 - Path Traversal
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.
by SEC Consult
CVSS 5.5
Wago 762-3000 Firmware < 02 - Unrestricted File Upload
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.
by SEC Consult
CVSS 8.8
Wago 762-3000 Firmware < 02 - Incorrect Permission Assignment
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.
by SEC Consult
CVSS 6.5
Qnap Q'center < 1.7.1063 - OS Command Injection
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
by Core Security
CVSS 8.8
Qnap Q'center < 1.7.1063 - OS Command Injection
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
by Core Security
CVSS 8.8
Qnap Q'center < 1.7.1063 - OS Command Injection
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
by Core Security
CVSS 7.2
QNAP Q'center Virtual Appliance <1.7.1063 - Info Disclosure
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
by Core Security
CVSS 8.8
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
by Metasploit
CVSS 9.8
By Source