Exploitdb Exploits
50,076 exploits tracked across all sources.
Infinite Automation Mango Automation <2.6.0-430 - Command Injection
Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
by James Fitts
EMC Connectrix Manager - Remote Code Execution via Servlet File Upload
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.
by James Fitts
EMC Connectrix Manager - Remote Code Execution via Servlet File Upload
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.
by James Fitts
Astaro Security Gateway 7 - Remote Code Execution via index.plx Request
Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.
by Jakub Palaczynski
CVSS 9.8
Jungos WinDriver <12.4.0 - Privilege Escalation
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
by mr_me
CVSS 7.8
osTicket - SQL Injection via Array Parameter Syntax
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
by Mehmet Ince
CVSS 9.8
Gr8 Multiple Search Engine Script 1.0 - SQL Injection
by Ihsan Sencan
Apple <10.3.3, <10.1.2, <6.2.2, <12.6.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
Nimble Messaging Bulk SMS Marketing App 1.0 - CSRF
CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for adding an admin account.
by Ihsan Sencan
CVSS 8.8
Docker Daemon - Unprotected TCP Socket (Metasploit)
by Metasploit
By Source