Exploitdb Exploits
50,095 exploits tracked across all sources.
wunderfarm WF Cookie Consent 1.1.3 - Stored Cross-Site Scripting via Page Title
An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a page title.
by B0UG
CVSS 6.1
IceWarp Mail Server <11.2 - Path Traversal
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.
by Trustwave's SpiderLabs
CVSS 7.5
Google Chrome <65.0.3325.146 - Heap Corruption
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by Google Security Research
CVSS 8.8
Dasan GPON Router Firmware - Authentication Bypass via URL Parameter Injection
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
by vpnmentor
CVSS 9.8
TIBCO JasperReports Server - Info Disclosure
The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.
by Hector Monsegur
CVSS 8.8
Dasan GPON Router Firmware - OS Command Injection via diag_action ping dest_host Parameter
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
by vpnmentor
CVSS 9.8
Easy MPEG to DVD Burner 1.7.11 SEH Local Buffer Overflow
Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode that overwrites the SEH handler to redirect execution and run arbitrary commands like opening calc.exe.
by Marwan Shamel
CVSS 8.4
Xdebug < 2.5.5 - Unauthenticated OS Command Injection via Remote Debugger Interface
An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker can send a crafted eval command over this interface to execute arbitrary PHP code, which may invoke system-level functions such as system() or passthru(). This results in full compromise of the host under the privileges of the web server user.
by Metasploit
LibreOffice 6.0.3 - Apache OpenOffice Writer 4.1.5 - Info Disclosure
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
by Richard Davy
CVSS 7.5
Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service
by Tenable NS
Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit)
by Metasploit
Metasploit Framework - 'msfd' Remote Code Execution (Metasploit)
by Metasploit
Cockpit 0.4.4-0.5.5 - Server-Side Request Forgery via URL Parameter
SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4.
by Qian Wu_ Bo Wang_ Jiawang Zhang
CVSS 9.1
Safari < 11.1 - Remote Code Execution via WebCore::jsElementScrollHeightGetter Use-After-Free
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.
by Google Security Research
CVSS 8.8
Exim < 4.90.1 - Remote Code Execution via base64d Buffer Overflow
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
by straight_blast
CVSS 9.8
TBK DVR4104 and DVR4216 - Unauthenticated Authentication Bypass via Cookie Header
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
by ezelf
CVSS 9.8
Norton Core <v237 - Command Injection
The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software.
by embedi
CVSS 8.0
Responsive Cookie Consent <1.8 - XSS
The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.
by B0UG
CVSS 5.4
Nagios XI 5.2.0-5.4.12 - Remote Code Execution via OS Command Injection
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.
by Jared Arave
CVSS 8.8
Nagios XI 5.2.0-5.4.12 - SQL Injection via selInfoKey1 Parameter
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
by Jared Arave
CVSS 9.8
Nagios XI 5.2.0-5.4.12 - Unauthenticated SQL Injection via Core Config Manager
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.
by Jared Arave
CVSS 9.8
WebDorado Form Maker by WD <1.12.24 - Code Injection
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.
by Sairam Jetty
CVSS 7.8
By Source