Exploitdb Exploits
50,095 exploits tracked across all sources.
CoSoSys Endpoint Protector 4.5.0.1 - (Authenticated) Remote Root Command Injection
by 0x09AL
ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution
by Fakhri Zulkifli
Allok Fast AVI MPEG Splitter 1.2 - Buffer Overflow (PoC)
by Shubham Singh
WebRTC - VP8 Block Decoding Use-After-Free
by Google Security Research
WebRTC - H264 NAL Packet Processing Type Confusion
by Google Security Research
WebRTC - FEC Processing Overflow
by Google Security Research
SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit)
by Metasploit
Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC)
by Luis Martínez
ipPulse 1.92 - 'Licence Key' Denial of Service (PoC)
by Shubham Singh
nystudio107 SEOmatic < 3.1.4 - Server-Side Template Injection via Canonical URL Generation
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.
by 0xB455
CVSS 7.5
Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH)
by Shubham Singh
Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC)
by vportal
ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC)
by Luis Martínez
Charles Proxy < 4.2.1 - Local Privilege Escalation via Race Condition in Settings Binary
Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.
by Mark Wadham
CVSS 7.0
Responsive FileManager 9.13.1 - SSRF
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
by GUIA BRAHIM FOUAD
CVSS 9.8
H2 <1.4.197 - Info Disclosure
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
by owodelta
CVSS 6.5
fuse < 2.9.8 and 3.x < 3.2.5 - Privilege Escalation via fusermount SELinux Bypass
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
by Google Security Research
CVSS 5.3
Axis IP Cameras - Access Control Bypass
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
by Metasploit
CVSS 9.8
Axis IP Cameras - OS Command Injection
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
by Metasploit
CVSS 9.8
QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)
by Luis Martínez
NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service (PoC)
by Luis Martínez
SoftNAS Cloud <4.0.3 - Command Injection
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.
by Core Security
CVSS 9.8
WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)
by Metasploit
Google Chrome <67.0.3396.62 - Memory Corruption
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
by Google Security Research
CVSS 8.8
By Source