Exploitdb Exploits
50,095 exploits tracked across all sources.
Flexense VX Search Enterprise 10.1.12 - Denial of Service via Crafted SERVER_GET_INFO Packet
In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123.
by Ahmad Mahfouz
CVSS 7.5
Flexense Syncbreeze - Denial of Service
In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121.
by Ahmad Mahfouz
CVSS 7.5
Flexense DiskBoss Enterprise 8.5.12 - Denial of Service via Crafted SERVER_GET_INFO Packet
In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094.
by Ahmad Mahfouz
CVSS 7.5
Flexense Disk Pulse Enterprise 10.1.18 - Denial of Service via Crafted SERVER_GET_INFO Packet
In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.
by Ahmad Mahfouz
CVSS 7.5
BarcodeWiz ActiveX Control < 6.7 - Buffer Overflow (PoC)
by hyp3rlinx
WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload
by NinTechNet
Vanilla Forums < 2.1.5 - Cross-Site Request Forgery Leading to Topic and Comment Deletion
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access
by Anand Meyyappan
CVSS 8.0
Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities
by GulfTech Security
SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities
by Vulnerability-Lab
FiberHome Mobile WIFI Device - Info Disclosure
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password.
by Ibad Shah
CVSS 9.8
Synology DSM <6.1.3-15152 - Info Disclosure
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
by Steve Kaun
CVSS 5.3
Android - Out-of-bounds Write in ashmem_ioctl
In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.
by Google Security Research
CVSS 7.8
GPS Tracking Software 2.x - Info Disclosure
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
by Noman Riffat
CVSS 9.8
nftp < 2.0 - Remote Code Execution via Buffer Overflow
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
by Metasploit
CVSS 9.8
Windows Kernel - Elevation of Privilege via Memory Object Handling
The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
GetGo Download Manager 5.3.0.2712 - 'Proxy' Buffer Overflow
by devcoinfet
GPS Tracking Software <3.0 - Code Injection
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request.
by Noman Riffat
CVSS 9.8
VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit)
by Metasploit
gespage < 7.4.9 - SQL Injection via show_prn or show_month Parameter
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.
by Sysdream
CVSS 9.8
Cisco IOS and IOS XE - Authenticated Remote Code Execution via SNMP Buffer Overflow
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.
The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.
Customers are advised to apply the workaround as contained in the Workarounds section below. Fixed software information is available via the Cisco IOS Software Checker. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable.
There are workarounds that address these vulnerabilities.
by Artem Kondratenko
CVSS 8.8
Xplico < 1.2.1 - Unauthenticated Remote Code Execution via PCAP File Upload
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.
by Mehmet Ince
CVSS 8.8
Linksys WVBR0 < 1.0.41 - Unauthenticated Remote Code Execution via Web Management Portal
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
by Metasploit
CVSS 9.8
Smart Google Code Inserter < 3.5 - Unauthenticated Arbitrary Code Insertion via sgcgoogleanalytic Parameter
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.
by Benjamin Lim
CVSS 9.8
Intel Atom C/E/X3 - Information Disclosure via Speculative Execution Side-Channel
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
by Multiple
CVSS 5.6
By Source