Exploitdb Exploits
50,076 exploits tracked across all sources.
RSS News AutoPilot Script 1.0.1/3.1.0 - Admin Panel Authentication Bypass
by Arbin Godar
Colorful Blog - Cross-Site Request Forgery (Change Admin Password)
by Besim
VOX Music Player 2.8.8 - '.pls' Denial of Service
by Antonio Z.
Cisco WebEx Meetings Player T29.10 - RCE
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.
by COSIG
CVSS 7.8
Cisco WebEx Meetings Player T29.10 - DoS
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.
by COSIG
CVSS 5.5
ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery (Add Admin)
by Besim
Adobe Flash Player <18.0.0.382,19.x-23.x - Memory Corruption
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.
by COSIG
CVSS 8.8
Subversion < 1.6.23 - Authenticated Remote Code Execution via Shell Metacharacters in Filename
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
by GlacierZ0ne
Android < 7.0 - Information Exposure via Binder
Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347.
by Google Security Research
CVSS 5.5
sheed AntiVirus 2.3 Unquoted Service Path Privilege Escalation
sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges.
by Amir.ght
CVSS 7.8
AVTECH - Improper Certificate Validation
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks.
by Gergely Eberhardt
AVTECH IP camera, DVR, and NVR Devices - Unauthenticated Authentication Bypass via /nobody URL Path
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
by Gergely Eberhardt
AVTECH IP camera - Command Injection
An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges.
by Gergely Eberhardt
AVTECH DVR-NVR-IP Camera - Command Injection
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.
by Gergely Eberhardt
AVTECH IP camera, DVR, and NVR Devices - Unauthenticated OS Command Injection via Search.cgi Parameters
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.
by Gergely Eberhardt
AVTECH IP camera, DVR, and NVR devices - Authentication Bypass via .cab URL Spoofing
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
by Gergely Eberhardt
AVTECH DVR - Server-Side Request Forgery
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.
by Gergely Eberhardt
AVTECH IP cameras, DVR, and NVR devices - Cross-Site Request Forgery
A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.
by Gergely Eberhardt
By Source