Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-2641 EXPLOITDB
Sophos Web Appliance <3.7.8.2 - Path Traversal
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
CVE-2013-2642 EXPLOITDB
Sophos Web Appliance <3.7.8.2 - RCE
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.
CVE-2013-4983 EXPLOITDB
Sophos Web Appliance <3.7.9.1, <3.8.1.1 - Command Injection
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
CVE-2014-3828 EXPLOITDB ruby
Centreon 2.5.1 and Centreon Enterprise Server 2.2 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.
CVE-2019-13360 EXPLOITDB CRITICAL
Webpanel - Insecure Direct Object Reference
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
CVSS 9.8
CVE-2020-5847 EXPLOITDB CRITICAL ruby
Unraid < 6.8.0 - Unauthenticated Remote Code Execution
Unraid through 6.8.0 allows Remote Code Execution.
CVSS 9.8
CVE-2018-20062 EXPLOITDB CRITICAL ruby
NoneCms V1.3 - Remote Code Execution via Filter Parameter
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.
CVSS 9.8
CVE-2019-19509 EXPLOITDB HIGH ruby
rConfig 3.9.3 - Authenticated OS Command Injection via ajaxArchiveFiles.php Path Parameter
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
CVSS 8.8
CVE-2014-6271 EXPLOITDB CRITICAL ruby
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 9.8
CVE-2014-7169 EXPLOITDB CRITICAL ruby
GNU Bash < 4.3 - Remote Code Execution via Malformed Environment Variable Function Definitions
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVSS 9.8
CVE-2014-6271 EXPLOITDB CRITICAL python
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 9.8
CVE-2014-7169 EXPLOITDB CRITICAL python
GNU Bash < 4.3 - Remote Code Execution via Malformed Environment Variable Function Definitions
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVSS 9.8
CVE-2013-6829 EXPLOITDB
PineApp Mail-SeCure - Remote Code Execution via Ping Host Parameter
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.
CVE-2013-6830 EXPLOITDB
PineApp Mail-SeCure 3.70 and earlier on 5099SK - Remote Code Execution via nsserver Parameter
admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation.
CVE-2017-16894 EXPLOITDB HIGH ruby
Laravel <5.5.21 - Information Disclosure
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
CVSS 7.5
CVE-1999-0235 EXPLOITDB c
NCSA WebServer 1.4.1 and below - Buffer Overflow
Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access.
CVE-1999-0235 EXPLOITDB c
NCSA WebServer 1.4.1 and below - Buffer Overflow
Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access.
CVE-2018-15708 EXPLOITDB CRITICAL ruby
Nagios XI Magpie_debug.php Root Remote Code Execution
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVSS 9.8
CVE-2012-6081 EXPLOITDB ruby
MoinMoin < 1.9.6 - Authenticated Remote Code Execution via File Upload
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
CVE-2020-12351 EXPLOITDB HIGH c
Linux Kernel 4.7.7-4.9.239 - Unauthenticated Privilege Escalation via BlueZ Input Validation
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS 8.8
CVE-1999-0077 EXPLOITDB
Windows NT - Predictable TCP Sequence Number Spoofing
Predictable TCP sequence numbers allow spoofing.
CVE-2000-0916 EXPLOITDB
FreeBSD <= 4.1.1 - TCP Sequence Number Spoofing via Insufficient Randomness
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.
CVE-2001-0162 EXPLOITDB
Windows Embedded Compact 3.0.9348 - TCP Connection Spoofing via Predictable ISNs
WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
CVE-2001-0163 EXPLOITDB
Cisco Aironet AP340 - TCP Connection Spoofing via Predictable ISNs
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
CVE-2001-0288 EXPLOITDB
Cisco IOS < 12.1 - TCP Connection Spoofing via Predictable ISN
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
By Source
All 50,076 Writeup 62,320 Exploitdb 50,076 Nomisec 22,421 Github 3,644 Metasploit 3,314 Vulncheck_xdb 929 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,581 ruby 6,005 c 3,628 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 132 go 73 postscript 25 typescript 25