Exploitdb Exploits
50,095 exploits tracked across all sources.
Textpattern < 4.6.2 - SQL Injection via qty Parameter
An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.
by Manuel García Cárdenas
CVSS 9.8
Eclipse Equinoxe OSGi Console - Command Execution (Metasploit)
by Metasploit
Zoho ManageEngine Applications Manager <13.6 - Command Injection
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.
by Mehmet Ince
CVSS 9.8
MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code Execution
by Lorenzo Santina
MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution
by Lorenzo Santina
Sony Playstation 4 (PS4) 4.55 < 5.50 - WebKit Code Execution (PoC)
by qwertyoruiop
WebLog Expert Web Server Enterprise 9.4 - Incorrect Permission Assignment for Critical Resource
\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.
by hyp3rlinx
CVSS 7.8
WebLog Expert Web Server Enterprise 9.4 - Denial of Service via Long HTTP Accept Header
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991.
by hyp3rlinx
CVSS 7.5
Bacula-web < 8.0.0-rc2 - SQL Injection
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.
by Gustavo Sorondo
CVSS 9.8
memcached 1.5.5 - Denial of Service via UDP Traffic Amplification
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
by 649
CVSS 7.5
Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php
Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to extract or modify sensitive database information.
by h0n1gsp3cht
CVSS 7.1
antsle antman <0.9.1a - Auth Bypass
antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation.
by Joshua Bowser
CVSS 9.8
Softros Network Time System 2.3.4 - Denial of Service via 11-Byte Packet
NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause a denial of service (daemon crash) by sending exactly 11 bytes.
by hyp3rlinx
CVSS 7.5
Bravo Tejari Procurement Portal - Authenticated Cross-Site Request Forgery in Profile Data Update
Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens.
by Arvind V
CVSS 8.0
Chrome V8 JIT - Simplified-lowererer IrOpcode::kStoreField_ IrOpcode::kStoreElement Optimization Bug
by Google Security Research
Chrome V8 JIT - JSBuiltinReducer::ReduceObjectCreate Fails to Ensure that the Prototype is _null_
by Google Security Research
Chrome V8 JIT - Empty BytecodeJumpTable Out-of-Bounds Read
by Google Security Research
Chrome V8 JIT - 'GetSpecializationContext' Type Confusion
by Google Security Research
Xion 1.0.125 - '.m3u' Local SEH-Based Unicode Venetian Exploit
by synthetic
Dup Scout Enterprise 10.5.12 - 'Share Username' Local Buffer Overflow
by bzyo
ActivePDF Toolkit < 8.1.0.19023 - Remote Code Execution via Pictview Image Processing
The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images.
by François Goichon
CVSS 9.8
ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection
by SEC Consult
ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection
by SEC Consult
Suricata < 4.0.4 - HTTP Detection Bypass via TCP Handshake Evasion
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.
by Positive Technologies
CVSS 5.3
Sophos UTM 9.410 - 'loginuser' 'confd' Service Privilege Escalation
by KoreLogic
By Source