Exploitdb Exploits
50,095 exploits tracked across all sources.
Arq < 5.10 - Local Privilege Escalation via Crafted Restore Path
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.
by Mark Wadham
CVSS 7.8
Arq < 5.10 - Local Privilege Escalation via Crafted Update URL
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.
by Mark Wadham
CVSS 7.8
Apple tvOS < 11.2.5 - Kernel Memory Read Restriction Bypass
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
by Google Security Research
CVSS 5.5
systemd < 237 - Local Privilege Escalation via Hard Link Ownership Bypass
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.
by Michael Orlitzky
CVSS 7.8
iBall iB-WRA150N 1.2.6 - Authenticated OS Command Injection via Ping Test Arguments
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page.
by SecuriTeam
CVSS 8.8
Netis WF2419 V2.2.36123 - Cross-Site Request Forgery
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.
by Sajibe Kanti
CVSS 8.8
PacsOne Server <6.6.2 - Path Traversal
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path' parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
by Carlos Avila
TSiteBuilder 1.0 - SQL Injection via id Parameter
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.
by Ihsan Sencan
CVSS 9.8
Task Rabbit Clone 1.0 - SQL Injection via single_blog.php id Parameter
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.
by Ihsan Sencan
CVSS 9.8
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection
by Carlos Avila
Multilanguage Real Estate MLM Script <= 3.0 - SQL Injection via srch Parameter
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.
by Ihsan Sencan
CVSS 9.8
Jtag Members Directory 5.3.7 - Info Disclosure
Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.
by Ihsan Sencan
CVSS 7.5
JS Support Ticket 1.1.0 - Cross-Site Request Forgery
CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket.
by Ihsan Sencan
CVSS 8.8
Hot Scripts Clone 3.1 - SQL Injection via Categories Subctid or Mctid Parameter
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
by Ihsan Sencan
CVSS 9.8
Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 - SQL Injection via chat_window.php or search_events.php
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.
by Ihsan Sencan
CVSS 9.8
KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery via Missing x-csrf-token Header
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.
by Saurabh Banawar
CVSS 8.8
Rapid7 Nexpose < 6.4.66 - Cross-Site Request Forgery in Automated Actions
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
by Shwetabh Vishnoi
CVSS 8.8
Artifex MuJS < 1.0.2 - Denial of Service via Uncontrolled Recursion in Binary Expression Parsing
jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file.
by Andrea Sindoni
CVSS 5.5
Artifex MuJS < 1.0.2 - Integer Overflow in js_strtod
The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation.
by Andrea Sindoni
CVSS 5.5
Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution
by mr_me
BMC BladeLogic Server Automation <8.7 - Auth Bypass
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.
by Paul Taylor
CVSS 7.5
BMC Server Automation < 8.6 SP1 Patch 2 and < 8.7 Patch 3 - Improper Authorization via RSCD Agent
The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.
by Paul Taylor
CVSS 5.3
By Source