Exploitdb Exploits
50,095 exploits tracked across all sources.
Brynamics Online Trade - Info Disclosure
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan, /dashboard/paywithcard/charge, /dashboard/withdrawal, or /privacy&terms, as demonstrated by reading database username, database password, database_name, and IP address fields, related to CVE-2018-12908.
by Dhamotharan
CVSS 9.8
Axis IP Cameras - Exposed Insecure Interface
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
by Metasploit
CVSS 9.8
Kirby 2.5.12 - Cross-Site Request Forgery in Delete Page Functionality
An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.
by Zaran Shaikh
CVSS 4.3
Core FTP 2.0 build 653 - Denial of Service via XRMD Command
The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command.
by Erik David Martin
CVSS 7.5
MusicCenter / Trivum Multiroom Setup Tool V8.76-9.34 - Auth Bypass
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).
by vulnc0d3
CVSS 9.8
10-Strike LANState 8.8 Local Buffer Overflow SEH
10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application.
by absolomb
CVSS 8.4
10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)
by absolomb
10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)
by absolomb
GetGo Download Manager < 5.3.0.2712 - Remote Code Execution via Long HTTP Response
A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.
by Nathu Nandwani
CVSS 9.8
Micro Focus Secure Messaging Gateway <471 - SQL Injection
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).
by Mehmet Ince
CVSS 10.0
Nagios Core < 4.4.1 - Denial of Service via NULL Pointer Dereference in qh_echo
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
by Fakhri Zulkifli
CVSS 5.5
Nagios < 4.4.1 - Denial of Service via qh_help NULL Pointer Dereference
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
by Fakhri Zulkifli
CVSS 5.5
Micro Focus SMG <471 - Command Injection
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).
by Mehmet Ince
CVSS 9.1
Nagios Core < 4.4.1 - Denial of Service via Crafted UNIX Socket Payload
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
by Fakhri Zulkifli
CVSS 5.5
D-link DAP-1360 - Path Traversal / Cross-Site Scripting
by r3m0t3nu11
D-link DAP-1360 - Path Traversal / Cross-Site Scripting
by r3m0t3nu11
Splinterware System Scheduler Pro 5.12 Privilege Escalation
Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered.
by bzyo
CVSS 8.4
NUUO NVRmini Firmware - Remote Command Execution via uploaddir Parameter
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
by Berk Dusunur
CVSS 9.8
Kirby 2.5.12 - Cross-Site Request Forgery
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.
by Zaran Shaikh
CVSS 5.4
Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)
by bzyo
Microsoft Windows Speech Recognition - Buffer Overflow (PoC)
by Nassim Asrir
Synology DiskStation Manager 4.1 - Directory Traversal
by Berk Dusunur
Mediabridge Medialink MWN-WAPR300N <5.07.50 - CSRF
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
by Nathu Nandwani
CVSS 8.8
Davolink DVW-3200N <1.00.06 - Info Disclosure
Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.
by Ankit Anubhav
CVSS 9.8
By Source