Exploitdb Exploits
50,076 exploits tracked across all sources.
HPE Smart Storage Administrator <2.60.18.0 - RCE
A remote arbitrary code execution vulnerability was found in HPE Smart Storage Administrator versions before v2.60.18.0.
by MaKyOtOx
CVSS 8.8
BIG-IP Local Traffic Manager - Exposure of Sensitive Information via Session Tickets
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.
by Ege Balci
CVSS 7.5
WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API
WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint with crafted content containing insert_php shortcodes to include and execute remote PHP files on the server.
by CrashBandicot
CVSS 9.8
Mobiketa 4.0 - SQL Injection via URL Parameter
Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote).
by Ihsan Sencan
CVSS 8.8
node-serialize < 0.0.4 - Remote Code Execution via Unserialize Function
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
by OpSecX
CVSS 9.8
Responsive Filemanager <= 9.11.0 - Arbitrary File Disclosure
by Wiswat Aswamenakul