Exploitdb Exploits
50,095 exploits tracked across all sources.
NComputing vSpace Pro <11 - Info Disclosure
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.
by Javier Bernardo
CVSS 7.5
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)
by keenlab
phpMyAdmin 4.8.0 - Cross-Site Request Forgery
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
by revengsh
CVSS 8.8
Monstra CMS 3.0.4 - Stored Cross-Site Scripting in Blog Page Content
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
by Wenming Jiang
CVSS 4.8
Drupal Avatar Uploader 7.x-1.0-beta8 - Unauthenticated Path Traversal
Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.
by Larry W. Cashdollar
CVSS 7.5
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
by r4wd3r
CVSS 9.8
Oracle WebLogic Server <12.2.1.3 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by brianwrf
CVSS 9.8
Western Bridge Cobub Razor <0.8.0 - Info Disclosure
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php.
by Kyhvedn
CVSS 7.5
Western Bridge Cobub Razor 0.8.0 - Info Disclosure
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/.
by Kyhvedn
CVSS 5.3
VX Search 10.6.18 Local Buffer Overflow via Directory Field
VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return address to execute arbitrary code with application privileges.
by Kevin McGuigan
CVSS 8.4
Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery
Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attacker-controlled pages.
by Sureshbabu Narvaneni
CVSS 5.3
PDFunite 0.41.0 Buffer Overflow via Malformed PDF
PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF file to the pdfunite utility.
by Hamm3r.py
CVSS 6.2
librsvg2-bin 2.40.13 - Malformed SVG Buffer Overflow
librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor.
by Hamm3r.py
CVSS 6.2
Geist WatchDog Console 3.2.2 - Authenticated Stored Cross-Site Scripting via Server Description
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
by bzyo
CVSS 4.8
Geist WatchDog Console 3.2.2 - Info Disclosure
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.
by bzyo
CVSS 4.9
Geist WatchDog Console <3.2.2 - Info Disclosure
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml.
by bzyo
CVSS 7.8
Easy File Sharing Web Server 7.2 - Remote Code Execution via Malicious Login Request
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791.
by rebeyond
CVSS 9.8
Caldera Forms < 1.6.0-rc.1 - Stored Cross-Site Scripting via Greeting Message, Email Log, or Imported Form
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.
by Federico Scalco
CVSS 4.8
Rvsitebuilder CMS - Database Backup Download
by Hesam Bazvand
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
by Keerati T.
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
by Keerati T.
Match Clone Script 1.0.4 - Cross-Site Scripting via Search Field
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen).
by ManhNho
CVSS 6.1
Kodi < 17.6 - Stored Cross-Site Scripting via Playlist
A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
by Manuel García Cárdenas
CVSS 6.1
Lutron Quantum BACnet Integration <3.2.243 - Info Disclosure
Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure.
by SadFud
CVSS 7.5
Ultra Mini HTTPD 1.21 - Buffer Overflow
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
by jollymongrel
By Source