Exploitdb Exploits

49,996 exploits tracked across all sources.

CVE-2018-8772 EXPLOITDB MEDIUM text
Coship RT3052 4.0.0.48 - XSS
Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen.
by Sayan Chatterjee
CVSS 6.1
CVE-2018-6328 EXPLOITDB CRITICAL python
Kaseya Unitrends Backup < 10.1 - Authentication Bypass
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.
by Jared Arave
CVSS 9.8
CVE-2018-9162 EXPLOITDB CRITICAL text
Contec-touch Smart Home Firmware - Missing Authentication
Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors.
by Z3ro0ne
CVSS 9.8
CVE-2016-2819 EXPLOITDB HIGH html VERIFIED
Opensuse Leap < 46.0.1 - Memory Corruption
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.
by Rh0
CVSS 8.8
CVE-2016-1960 EXPLOITDB HIGH html VERIFIED
Mozilla Firefox <45.0 - Firefox ESR 38.x <38.7 - RCE
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.
by Rh0
CVSS 8.8
CVE-2017-5375 EXPLOITDB CRITICAL html VERIFIED
Thunderbird <45.7, Firefox ESR <45.7, Firefox <51 - Memory Corruption
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
by Rh0
CVSS 9.8
CVE-2017-5375 EXPLOITDB CRITICAL html VERIFIED
Thunderbird <45.7, Firefox ESR <45.7, Firefox <51 - Memory Corruption
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
by Rh0
CVSS 9.8
CVE-2018-6329 EXPLOITDB CRITICAL python
Unitrends Backup < 10.1.10 - SQL Injection
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
by Jared Arave
CVSS 9.8
CVE-2017-16995 EXPLOITDB HIGH c
Linux BPF Sign Extension Local Privilege Escalation
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
by Bruce Leidl
CVSS 7.8
CVE-2017-0101 EXPLOITDB HIGH c++
Microsoft Windows 7 - Memory Corruption
The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
by xiaodaozhi
CVSS 7.8
CVE-2018-7543 EXPLOITDB MEDIUM text
Awesomemotive Duplicator - XSS
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.
by Stefan Broeder
CVSS 6.1
CVE-2017-8046 EXPLOITDB CRITICAL java
Vmware Spring Boot < 1.5.9 - Improper Input Validation
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
by Antonio Francesco Sardella
CVSS 9.8
CVE-2018-7445 EXPLOITDB CRITICAL python
Mikrotik Routeros < 6.41.3 - Memory Corruption
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
by CoreLabs
CVSS 9.8
CVE-2017-13253 EXPLOITDB HIGH c++
Google Android - Out-of-Bounds Write
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71389378.
by Tamir Zahavi-Brunner
CVSS 7.8
CVE-2018-2380 EXPLOITDB MEDIUM python
SAP Customer Relationship Management - Path Traversal
SAP CRM 7.01, 7.02, 7.30, 7.31, 7.33, 7.54 allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
by erp scan team
CVSS 6.6
CVE-2018-7706 EXPLOITDB MEDIUM text
SecurEnvoy SecurMail <9.2.501 - Path Traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe.
by SEC Consult
CVSS 6.5
CVE-2018-7705 EXPLOITDB HIGH text
SecurEnvoy SecurMail <9.2.501 - Path Traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx.
by SEC Consult
CVSS 8.1
CVE-2018-7704 EXPLOITDB MEDIUM text
SecurEnvoy SecurMail <9.2.501 - Info Disclosure
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe.
by SEC Consult
CVSS 6.5
CVE-2018-7703 EXPLOITDB MEDIUM text
SecurEnvoy SecurMail <9.2.501 - XSS
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe.
by SEC Consult
CVSS 6.1
CVE-2018-7702 EXPLOITDB CRITICAL text
SecurEnvoy SecurMail <9.2.501 - RCE
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
by SEC Consult
CVSS 9.1
CVE-2018-7701 EXPLOITDB MEDIUM text
SecurEnvoy SecurMail <9.2.501 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.
by SEC Consult
CVSS 6.5
CVE-2018-7538 EXPLOITDB CRITICAL text VERIFIED
Enalean Tuleap < 9.18 - SQL Injection
A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.
by Cristiano Maruti
CVSS 9.8
CVE-2018-7707 EXPLOITDB MEDIUM text
SecurEnvoy SecurMail <9.2.501 - XSS
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message.
by SEC Consult
CVSS 6.1
CVE-2018-25222 EXPLOITDB HIGH python
SC 7.16 - Stack Buffer Overflow Local Code Execution
SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute shellcode in the application context.
by Juan Sacco
CVSS 8.4
CVE-2018-9161 EXPLOITDB CRITICAL text
Prismaindustriale Checkweigher Prismaweb - Hard-coded Credentials
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.
by LiquidWorm
CVSS 9.8