Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-111936 EXPLOITDB text
SchoolDir - SQL Injection
by Ihsan Sencan
EIP-2026-111664 EXPLOITDB text
Rage Faces Script 1.3 - SQL Injection
by Ihsan Sencan
EIP-2026-109407 EXPLOITDB text
Meme Maker Script 2.1 - 'user' SQL Injection
by Ihsan Sencan
CVE-2017-6411 EXPLOITDB HIGH text
D-Link DSL-2730U C1 IN_1.00 - Cross-Site Request Forgery
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.
by B GOVIND
CVSS 8.8
CVE-2017-6416 EXPLOITDB CRITICAL python VERIFIED
SysGauge 1.5.18 - Buffer Overflow via SMTP Service Ready String
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
by Peter Baris
CVSS 9.8
CVE-2017-6366 EXPLOITDB HIGH html
NETGEAR DGN2200 Firmware 10.0.0.20-10.0.0.50 - Cross-Site Request Forgery via DNS Lookup
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.
by SivertPL
CVSS 8.8
EIP-2026-119203 EXPLOITDB ruby VERIFIED
SysGauge 1.5.18 - SMTP Validation Buffer Overflow (Metasploit)
by Metasploit
CVE-2017-3813 EXPLOITDB HIGH text
Cisco AnyConnect - Privilege Escalation
A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976.
by Pcchillin
CVSS 7.8
CVE-2017-6371 EXPLOITDB HIGH python
Synchronet BBS 3.16c - Denial of Service via HTTP Referer Header
Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.
by Peter Baris
CVSS 7.5
EIP-2026-114997 EXPLOITDB python VERIFIED
BlueIris 4.5.1.4 - Denial of Service
by Peter Baris
CVE-2017-6412 EXPLOITDB HIGH text VERIFIED
Sophos Web Appliance <4.3.1.2 - Session Fixation
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
by SlidingWindow
CVSS 8.1
CVE-2017-6334 EXPLOITDB HIGH html
NETGEAR DGN2200 Series Firmware <= 10.0.0.50 - Authenticated OS Command Injection via dnslookup.cgi host_name Parameter
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
by SivertPL
CVSS 8.8
CVE-2016-20016 EXPLOITDB CRITICAL ruby VERIFIED
MVPower TV-7104HE and TV7108HE Firmware - Unauthenticated Remote Code Execution via Web Shell
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE" because of the easily identifying HTTP response server field. Other firmware versions, at least from 2014 through 2019, can be affected. This was exploited in the wild in 2017 through 2022.
by Metasploit
CVSS 9.8
EIP-2026-108814 EXPLOITDB text
Joomla! Component OneVote! 1.0 - SQL Injection
by Ihsan Sencan
CVE-2017-6351 EXPLOITDB HIGH text
WePresent WiPG-1500 Firmware 1.0.3.7 - Use of Hard-coded Credentials via Telnet Debug Mode
The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885.
by Quentin Olagne
CVSS 8.1
CVE-2017-6074 EXPLOITDB HIGH c
Linux Kernel < 3.2.86 - Double Free in DCCP Packet Processing
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
by Andrey Konovalov
CVSS 7.8
CVE-2017-6074 EXPLOITDB HIGH c
Linux Kernel < 3.2.86 - Double Free in DCCP Packet Processing
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
by Andrey Konovalov
CVSS 7.8
EIP-2026-108873 EXPLOITDB text
Joomla! Component Spinner 360 1.3.0 - SQL Injection
by Ihsan Sencan
EIP-2026-108802 EXPLOITDB text
Joomla! Component My MSG 3.2.1 - SQL Injection
by Ihsan Sencan
EIP-2026-108732 EXPLOITDB text
Joomla! Component JomSocial - SQL Injection
by Ihsan Sencan
EIP-2026-108676 EXPLOITDB text
Joomla! Component Intranet Attendance Track 2.6.5 - SQL Injection
by Ihsan Sencan
EIP-2026-108661 EXPLOITDB text
Joomla! Component Gnosis 1.1.2 - 'id' SQL Injection
by Ihsan Sencan
EIP-2026-108209 EXPLOITDB text
Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection
by Ihsan Sencan
CVE-2017-6334 EXPLOITDB HIGH python VERIFIED
NETGEAR DGN2200 Series Firmware <= 10.0.0.50 - Authenticated OS Command Injection via dnslookup.cgi host_name Parameter
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
by SivertPL
CVSS 8.8
CVE-2017-0037 EXPLOITDB HIGH html VERIFIED
Microsoft Edge and Internet Explorer 10-11 - Remote Code Execution via CSS Token Sequence Type Confusion
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
by Google Security Research
CVSS 8.1