Exploitdb Exploits

50,126 exploits tracked across all sources.

EIP-2026-107278 EXPLOITDB text
FS Food Delivery Script - 'keywords' SQL Injection
by 8bitsec
EIP-2026-107276 EXPLOITDB text
FS Expedia Clone - 'hid' SQL Injection
by 8bitsec
EIP-2026-107275 EXPLOITDB text
FS Ebay Clone - 'pd_maincat_id' SQL Injection
by 8bitsec
EIP-2026-107272 EXPLOITDB text
FS Car Rental Script - 'pickup_location' SQL Injection
by 8bitsec
EIP-2026-107271 EXPLOITDB text
FS Book Store Script - 'category' SQL Injection
by 8bitsec
EIP-2026-107270 EXPLOITDB text
FS Amazon Clone - 'category_id' SQL Injection
by 8bitsec
CVE-2017-12478 EXPLOITDB CRITICAL ruby VERIFIED
Unitrends UEB http api remote code execution
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.
by Metasploit
CVSS 9.8
CVE-2017-12477 EXPLOITDB CRITICAL ruby VERIFIED
Unitrends UEB bpserverd authentication bypass RCE
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
by Metasploit
CVSS 9.8
EIP-2026-106074 EXPLOITDB text
CometChat < 6.2.0 BETA 1 - Local File Inclusion
by Paradoxis
EIP-2026-104791 EXPLOITDB text
WordPress Plugin Polls 1.2.4 - SQL Injection (PoC)
by Manish Tanwar
CVE-2017-5123 EXPLOITDB HIGH c
Linux Kernel 4.13 through 4.13.7 - Sandbox Escape via waitid
Insufficient data validation in waitid allowed a user to escape sandboxes on Linux.
by @XeR_0x2A & @chaign_c
CVSS 8.8
CVE-2017-15222 EXPLOITDB CRITICAL python VERIFIED
nftp < 2.0 - Remote Code Execution via Buffer Overflow
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
by Berk Cem Göksel
CVSS 9.8
CVE-2017-15223 EXPLOITDB MEDIUM python
ArGoSoft Mini Mail Server < 1.0.0.2 - Denial of Service via Infinite Loop
Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop.
by Berk Cem Göksel
CVSS 5.3
EIP-2026-119187 EXPLOITDB python VERIFIED
Sync Breeze Enterprise 10.1.16 - 'POST' Remote Buffer Overflow
by mschenk
EIP-2026-103870 EXPLOITDB text
Axis SSI - Remote Command Execution / Read Files
by bashis
CVE-2017-7783 EXPLOITDB HIGH text VERIFIED
Firefox < 55.0 - Denial of Service via Long Username in URL Authentication Prompt
If a long user name is used in a username/password combination in a site URL (such as "http://UserName:Password@example.com"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55.
by Amit Sangra
CVSS 7.5
EIP-2026-117491 EXPLOITDB text
Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection
by hyp3rlinx
CVE-2017-14955 EXPLOITDB MEDIUM python
Checkmk - Information Disclosure
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
by Julien Ahrens
CVSS 5.9
EIP-2026-105017 EXPLOITDB text
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities
by SEC Consult
CVE-2017-15595 EXPLOITDB HIGH text VERIFIED
Xen < 4.9.0 - Denial of Service via Page-Table Stacking
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
by Google Security Research
CVSS 8.8
EIP-2026-100843 EXPLOITDB text
Linksys E Series - Multiple Vulnerabilities
by SEC Consult
CVE-2017-20243 EXPLOITDB HIGH text
WordPress Car Park Booking Plugin SQL Injection via space_id
WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space_id parameter. Attackers can send GET requests to the booking-page endpoint with malicious space_id values using AND SLEEP() payloads to extract sensitive database information.
by 8bitsec
CVSS 8.2
CVE-2017-0037 EXPLOITDB HIGH html VERIFIED
Microsoft Edge and Internet Explorer 10-11 - Remote Code Execution via CSS Token Sequence Type Confusion
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
by mschenk
CVSS 8.1
CVE-2017-12629 EXPLOITDB CRITICAL text VERIFIED
Apache Solr < 7.1 - Remote Code Execution via XXE in XML Query Parser
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
by Michael Stepankin & Olga Barinova
CVSS 9.8
CVE-2017-0059 EXPLOITDB MEDIUM html VERIFIED
Internet Explorer 9-11 - Information Disclosure via Crafted Web Site
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.
by mschenk
CVSS 4.3