Exploitdb Exploits
50,076 exploits tracked across all sources.
NETGEAR ReadyNAS Surveillance <1.4.3-17 x86 & <1.1.4-7 ARM - RCE via upgrade_handle.php
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
by Kacper Szurek
CVSS 8.4
MikroTik RouterBOARD 6.39.2 and 6.40.5 - Unauthenticated Denial of Service via TCP Port 53
MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS.
by Mr Bruce
CVSS 7.5
LAquis SCADA < 4.1.0.3237 - Path Traversal
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
by James Fitts
CVSS 5.3
Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, 12.2.1.0 - Remote Code Execution via T3 Protocol Deserialization
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
by SlidingWindow
CVSS 9.8
Cisco Prime Collaboration Provisioning < 12.1 - Unauthenticated Command Injection via HTTP Request
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.
by Adam Brown
CVSS 9.8
SmarterStats 11.3.6347 - Stored Cross-Site Scripting via Referer Field in HTTP Logfiles
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
by sqlhacker
CVSS 6.1
Mojoomla WPGYM <WordPress> - SQL Injection
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
Mojoomla WPCHURCH < - SQL Injection
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
Dasinfomedia Mojoomla WPAMS Apartment Management System for WordPress - SQL Injection
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
Mojoomla School Mgmt - SQL Injection
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
Mojoomla Hospital Management System for WordPress - SQL Injection
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
TeamWork TicketPlus - Code Injection
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
by Ihsan Sencan
CVSS 8.8
smsmaster_multipurpose_sms_gateway - SQL Injection via id Parameter
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
TeamWork Photo Fusion - Arbitrary File Upload
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
by Ihsan Sencan
CVSS 8.8
TeamWork Job Links - Path Traversal
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
by Ihsan Sencan
CVSS 8.8
Mojoomla AMC - Arbitrary File Upload
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
by Ihsan Sencan
CVSS 6.5
NodeJS Debugger - Command Injection (Metasploit)
by Metasploit
Linux - Info Disclosure
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary.
by Qualys Corporation
CVSS 7.8
FLIR Thermal Camera PT-Series <8.0.0.64 - Command Injection
FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell_exec() calls. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-06 (UTC).
by LiquidWorm
CVSS 9.8
FLIR Thermal Camera FC-S/PT <8.0.0.64 - Command Injection
FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system.
by LiquidWorm
CVSS 8.8
FLIR Thermal Camera F/FC/PT/D 8.0.0.64 - Use of Hard-coded Credentials
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.
by LiquidWorm
CVSS 7.5
FLIR Thermal Camera F/FC/PT/D Stream <8.0.0.64 - Info Disclosure
FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.
by LiquidWorm
CVSS 7.5
FLIR Thermal Camera F/FC/PT/D <8.0.0.64 - Info Disclosure
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.
by LiquidWorm
CVSS 6.2
By Source