Exploitdb Exploits
50,076 exploits tracked across all sources.
AlienVault USM/OSSIM <5.3.7 & NfSen <1.3.8 - Privilege Escalation
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.
by Paul Taylor
CVSS 9.8
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
by sleepya
CVSS 8.8
NfSen < 1.3.7 - Remote Code Execution via Custom Output Format Parameter
NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field).
by Paul Taylor
CVSS 9.9
dataTaker DT80 dEX 1.50.012 - Unauthenticated Sensitive Information Exposure via config.xml Request
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
by Nassim Asrir
CVSS 9.8
AlienVault USM/OSSIM <5.3.7/NfSen <1.3.8 - Command Injection
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.
by Paul Taylor
CVSS 8.8
AlienVault USM/OSSIM <5.3.7/NfSen <1.3.8 - Command Injection
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.
by Paul Taylor
CVSS 8.4
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting
by LiquidWorm
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)
by LiquidWorm
Easy File Sharing Web Server 7.2 - GET 'PassWD' Remote Buffer Overflow (DEP Bypass)
by Sungchul Park
Counter Strike: Condition Zero - '.BSP' Map File Code Execution
by Grant Hernandez
Apache Struts 2.1.x and 2.3.x - Remote Code Execution via ActionMessage Field Value
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
by Vex Woo
CVSS 9.8
Yaws 1.91 - Unauthenticated Path Traversal via HTTP Directory Traversal with /%5C../
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
by hyp3rlinx
CVSS 7.5
LibTIFF 4.0.7 - Out-of-bounds Read in _TIFFVGetField
LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.
by zhangtan
CVSS 6.5
LibTIFF 4.0.8 - Memory Leak in tif_jbig.c
In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
by team OWL337
CVSS 6.5
LibTIFF 4.0.8 - Denial of Service via TIFFWriteDirectoryTagCheckedLong8Array Assertion Abort
In LibTIFF 4.0.8, there is an assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.
by team OWL337
CVSS 7.5
GoAutoDial GoAdmin CE - SQL Injection via User Credentials or PATH_INFO
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.
by Metasploit
GoAutoDial GoAdmin CE - OS Command Injection via cpanel PATH_INFO
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
by Metasploit
Lepide Auditor Suite - 'createdb()' Web Console Database Injection / Remote Code Execution
by mr_me
WatuPRO < 5.5.1 - SQL Injection via watupro_questions Parameter
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php.
by Manich Koomsusi
CVSS 9.8