Exploitdb Exploits
50,076 exploits tracked across all sources.
WebFile Explorer 1.0 - SQL Injection and Arbitrary File Download via download.php id Parameter
http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php.
by Ihsan Sencan
CVSS 7.5
NoMachine < 5.3.9 - Authenticated Privilege Escalation via Local File Access
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
by Daniele Linguaglossa
CVSS 8.8
Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser.
by Dhiraj Mishra
CVSS 8.8
DALIM SOFTWARE ES Core 5.0 build 7184.1 - User Enumeration
by LiquidWorm
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery
by LiquidWorm
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal
by LiquidWorm
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery
by LiquidWorm
Android 4.4.4 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 7.1.2 8.0 - Remote Code Execution in Bluetooth
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.
by Kert Ojasoo
CVSS 8.8
WildMIDI 0.4.2 - Denial of Service via Crafted MIDI File
The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 6.5
WildMIDI 0.4.2 - Denial of Service via Crafted MIDI File
The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 7.5
WildMIDI 0.4.2 - Denial of Service via Crafted MIDI File
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 7.5
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Unrestricted File Upload via PixlrEditorHandler.php Type Parameter
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
by Kacper Szurek
CVSS 7.2
Synology Photo Station < 6.7.3-3432 RCE via Deserialization in synophoto_csPhotoMisc.php
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.
by Kacper Szurek
CVSS 9.8
Synology Photo Station < 6.7.3-3432 Path Traversal & Arbitrary File Write via PixlrEditorHandler.php
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.
by Kacper Szurek
CVSS 7.5
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Unauthenticated Arbitrary File Upload via synotheme_upload.php
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.
by Kacper Szurek
CVSS 9.8
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)
by SensePost
VMware Workstation/Fusion <12.5.4-8.5.5 - Memory Corruption
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
by unamer
CVSS 9.9
Unitrends Backup <10.0.0 - Privilege Escalation
It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.
by Jared Arave
CVSS 8.8
Unitrends UEB http api remote code execution
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.
by Jared Arave
CVSS 9.8
Unitrends UEB bpserverd authentication bypass RCE
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
by Jared Arave
CVSS 9.8
WildMIDI 0.4.2 - Denial of Service via Crafted MIDI File
The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 6.5
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Exposure of Sensitive System Information via index.php
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.
by Kacper Szurek
CVSS 7.5
WordPress Plugin Easy Modal 2.0.17 - SQL Injection
by defensecode
Windows Shell - Remote Code Execution via Crafted .LNK File
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."
by nixawk
CVSS 8.8
Joomla StreetGuessr Game 1.1.8 SQL Injection via catid
Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=com_streetguess&view=maps parameters and inject SQL code in the catid parameter to extract sensitive database information including version and database names.
by Ihsan Sencan
CVSS 8.2
By Source