Exploitdb Exploits
50,095 exploits tracked across all sources.
SysGauge 4.5.18 Local Denial of Service via Proxy Configuration
SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the application.
by Hashim Jawad
CVSS 6.2
osCommerce Online Merchant <2.3.4.1 - RCE
A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after installation. An unauthenticated attacker can invoke install_4.php, submit crafted POST data, and inject arbitrary PHP code into the configure.php file. When the application later includes this file, the injected payload is executed, resulting in full server-side compromise.
by Simon Scannell
Systematic SitaWare 6.4 SP2 - Denial of Service via NVG Interface Input
Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer.
by 2u53
CVSS 5.3
Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow
by Chris Lyne
Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow
by Himavanth Reddy
WP Security Audit Log <3.1.1 - Info Disclosure
An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information.
by Colette Chamberland
CVSS 5.3
Relevanssi < 4.0.4 - Cross-Site Scripting via Tab GET Parameter
Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.
by Stefan Broeder
CVSS 5.4
Contact Form 7 to Database Ext <2.10.32 - Code Injection
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.
by Stefan Broeder
CVSS 9.6
vtiger CRM 6.4.0 - Authenticated Remote Code Execution via Company Logo Upload
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.
by Touhid M.Shaikh
CVSS 7.3
MiniCMS 1.10 - Cross-Site Request Forgery in Admin Configuration
There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password.
by zixian
CVSS 8.8
Acyba AcySMS < 3.5.0 - CSV Injection via Export Feature
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export.
by Sureshbabu Narvaneni
CVSS 8.8
Acyba AcyMailing <5.9.6 - CSV Injection
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.
by Sureshbabu Narvaneni
CVSS 8.8
D-Link DIR-850L Firmware 1.02-2.06 - Authentication Bypass via SharePort Web Access Portal
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.
by Gem George
CVSS 9.8
Open-audit - Cross-Site Request Forgery
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
by Nilesh Sapariya
CVSS 8.8
Homematic CCU2 Firmware < 2.29.22 - Unauthenticated Remote Code Execution via TCL Script Interpreter
Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
by Patrick Muench and Gregor Kopf
CVSS 9.8
Homematic CCU2 Firmware < 2.29.22 - Unauthenticated Path Traversal and Arbitrary File Write via User.setLanguage Method
Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
by Patrick Muench and Gregor Kopf
CVSS 9.8
Tenda W316R Wireless Router 5.07.50 - Remote DNS Change
by Todor Donev
GitStack <2.3.10 - Privilege Escalation
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.
by Metasploit
CVSS 9.8
Electron < 1.7.11 - Remote Code Execution via Protocol Handler
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.
by Metasploit
CVSS 8.8
Joomla! 3.7.x - SQL Injection
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
by Metasploit
CVSS 9.8
Cisco IOS - Remote Code Execution or Denial of Service via Smart Install Message
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.
by embedi
CVSS 9.8
Western Digital My Cloud Firmware v04.05.00-320 - Authentication Bypass via Session Token in Filename
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a product that uses My Cloud.
by Sven Fassbender
CVSS 9.8
Windows Remote Assistance - Information Disclosure via XML External Entity Processing
Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability".
by Nabeel Ahmed
CVSS 3.1
Open-AudIT Professional 2.1 - Stored Cross-Site Scripting via Credentials Name or Description Field
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.
by Nilesh Sapariya
CVSS 5.4
Twonky Server 7.0.11-8.5 - Cross-Site Scripting via Friendlyname Parameter
Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all.
by Sven Fassbender
CVSS 6.1
By Source