Exploitdb Exploits
50,076 exploits tracked across all sources.
Peplink Balance 305, 380, 580, 710, 1350, and 2500 Firmware - Cross-Site Request Forgery in Administrative CGI Scripts
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.
by X41 D-Sec GmbH
CVSS 8.8
Peplink Balance 305, 380, 580, 710, 1350, and 2500 Firmware < 7.0.1-build2093 - SQL Injection via bauth Cookie
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
by X41 D-Sec GmbH
CVSS 9.8
WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting
by defensecode
Apache Struts 2.3.19-2.3.20.2, 2.3.21-2.3.24.1, 2.3.25-2.3.28 - Remote Code Execution
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
by nixawk
CVSS 9.8
Safari < 10.1.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by saelo
CVSS 8.8
Peplink Balance 305 380 580 710 1350 2500 Firmware - Arbitrary File Deletion via upfile.path Parameter
Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter.
by X41 D-Sec GmbH
CVSS 8.1
Subsonic 6.1.1 - Cross-Site Request Forgery in Podcast Feature
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks.
by hyp3rlinx
CVSS 8.8
Subsonic 6.1.1 - Cross-Site Request Forgery in Podcast Subscription
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view.
by hyp3rlinx
CVSS 8.8
subsonic 6.1.1 - Cross-Site Request Forgery via userSettings.view
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
by hyp3rlinx
CVSS 7.5
Subsonic 6.1.1 - Server-Side Request Forgery via Import Playlist Feature
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
by hyp3rlinx
CVSS 7.4
Parallels Desktop - Virtual Machine Escape
by Mohammad Reza Espargham
BIND 9.2.6-P2-9.11.1 - Privilege Escalation via Unquoted Service Path
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.
by hyp3rlinx
CVSS 7.2
Wireshark 2.2.0-2.2.6 - Denial of Service in IPv6 Dissector
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
by OSS-Fuzz
CVSS 7.5
Wireshark 2.2.0-2.2.6 - Use After Free
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
by OSS-Fuzz
CVSS 7.5
dnstracer < 1.9 - Stack-based Buffer Overflow via Long Command Line Argument
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.
by FarazPajohan
CVSS 9.8
EnGenius EnShare Cloud Service <1.4.11 - Command Injection
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.
by LiquidWorm
CVSS 9.8
WordPress Event List <0.7.8 - SQL Injection
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php.
by Dimitrios Tsagkarakis
CVSS 8.8
Joomla Payage 2.05 SQL Injection via aid Parameter
Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the make_payment task to extract sensitive database information using boolean-based blind or time-based blind techniques.
by Persian Hack Team
CVSS 8.2
WP-Testimonials 3.4.1 - SQL Injection
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.
by Dimitrios Tsagkarakis
CVSS 8.8
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow (PoC)
by n3ckD_
HPE Intelligent Management Center PLAT 7.3 E0504P04 - Remote Code Execution
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
by SecuriTeam
CVSS 9.8
Sungard eTRAKiT3 <3.2.1.17 - SQL Injection
The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.
by Goran Tuzovic
CVSS 9.8
Riverbed SteelHead VCX <9.6.0a - Path Traversal
A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter expressions to the log_filter endpoint using the filterStr parameter. This input is processed by a backend parser that permits execution of file expansion syntax, allowing the attacker to retrieve arbitrary system files via the log viewing interface.
by Gregory Draperi
By Source