Exploitdb Exploits
50,095 exploits tracked across all sources.
Microsoft Windows RRAS Service - Remote Code Execution
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".
by vportal
CVSS 6.6
WUZHI CMS 4.1.0 - XSS
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
by jiguang
CVSS 6.1
WUZHI CMS 4.1.0 - XSS
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
by jiguang
CVSS 5.4
Open-AudIT Professional 2.1.1 - Stored Cross-Site Scripting via Component Name Field
Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI).
by Tejesh Kolisetty
CVSS 5.4
Open-AudIT Community 2.2.0 - Stored Cross-Site Scripting via Component Name
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.
by Tejesh Kolisetty
CVSS 5.4
EMC RecoverPoint <5.1.1, 5.0.1.3 - Command Injection
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.
by Paul Taylor
CVSS 6.7
2345 Security Guard 3.7 - Denial of Service via IOCtl 0x002220e0
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x002220e0.
by anhkgg
CVSS 7.8
Alps Pointing-device Driver 10.1.101.207 - Denial of Service via ApMsgFwd File Mapping Object
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when invalid pointers are written to the mapped section. This driver has been used with Dell, ThinkPad, and VAIO devices.
by Souhail Hammou
CVSS 5.5
MyBB Latest Posts on Profile 1.1 - XSS
The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field.
by 0xB9
CVSS 5.4
Mantis < 1.1.4 - Authenticated Remote Code Execution via Sort Parameter
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
by Metasploit
ModbusPal 1.6b - XML External Entity Injection via Crafted .xmpp or .xmpa Files
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will return the contents of any local files to a remote attacker.
by Trent Gordon
CVSS 5.5
Fastweb FASTgate 0.00.47 - Cross-Site Request Forgery
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.
by Raffaele Sabato
CVSS 8.8
Allok Video Splitter 3.1.1217 Buffer Overflow via License Name
Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious payload exceeding 780 bytes, paste it into the License Name registration field, and trigger the overflow when the Register button is clicked.
by Achilles
CVSS 7.8
Microsoft Windows FxCop 10/12 - XML External Entity Injection
by hyp3rlinx
2345 Security Guard 3.7 - Denial of Service via IOCtl 0x00222040
In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-8873.
by anhkgg
CVSS 7.8
FTPShell Client 6.7 - Remote Code Execution via FTP 220 Response Buffer Overflow
An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465.
by r4wd3r
CVSS 9.8
Palo Alto Network PAN-OS - Remote Code Execution
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
by Metasploit
CVSS 9.8
PlaySMS 1.4 - Remote Code Execution
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
by Metasploit
CVSS 8.8
PlaySMS 1.4 - Remote Code Execution
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
by Metasploit
CVSS 9.8
DeviceLock Plug and Play Auditor <5.72 - Buffer Overflow
DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH).
by hyp3rlinx
CVSS 7.8
WordPress Plugin User Role Editor < 4.25 - Privilege Escalation
by Tomislav Paskalev
CSP MySQL User Manager 2.3.1 - SQL Injection and Authentication Bypass via Login Username
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.
by Youssef Mami
CVSS 9.8
GNU Wget < 1.19.5 - Cookie Injection via HTTP Response Continuation Line
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
by Harry Sintonen
CVSS 6.5
Microsoft Windows - Privilege Escalation
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
by Metasploit
CVSS 7.8
By Source