Exploitdb Exploits
50,076 exploits tracked across all sources.
AVTECH IP Camera, NVR, and DVR Devices - Authenticated OS Command Injection via CloudSetup.cgi exefile Parameter
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke this endpoint can supply crafted input to execute arbitrary system commands as root. Successful exploitation grants full control of the device, and - depending on deployment and whether the device stores credentials or has network reachability to internal systems - may enable credential theft, lateral movement, or data exfiltration. The archived SEARCH-LAB disclosure implies that this vulnerability was remediated in early 2017, but AVTECH has not defined an affected version range.
by Gergely Eberhardt
RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection
by SEC Consult
Minecraft Launcher 1.6.61 - Insecure File Permissions Privilege Escalation
by Ross Marks
ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)
by Besim
Linux Kernel recvmmsg Privilege Escalation
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
by Metasploit
Allwinner 3.4 Legacy Kernel - Local Privilege Escalation (Metasploit)
by Metasploit
Android < 4.4.4/5.0.2/5.1.1/2016-10-01 DoS via Spoofed GPS Host
The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service (memory consumption, and device hang or reboot) via a large xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 29555864.
by Nightwatch Cybersecurity Research
CVSS 5.9
Zend Studio IDE 13.5.1 - Insecure File Permissions Privilege Escalation
by hyp3rlinx
Spacemarc News - Cross-Site Request Forgery (Add New Post)
by Besim
Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post)
by Besim
Persistent Systems Radia Client Automation <9.1 - RCE
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
by SlidingWindow
Linux Kernel 4.6.3 Netfilter Privilege Escalation
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
by Qian Zhang
CVSS 7.8
Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
by Dawid Golunski
CVSS 7.8
Wacom Consumer Service - Unquoted Service Path Privilege Escalation
by Ross Marks
Leap Service - Unquoted Service Path Privilege Escalation
by Ross Marks
Foxit Cloud Update Service - Unquoted Service Path Privilege Escalation
by Ross Marks
Fitbit Connect Service - Unquoted Service Path Privilege Escalation
by Ross Marks
PHP Press Release - Persistent Cross-Site Scripting
by Besim
PHP Press Release - Cross-Site Request Forgery (Add Admin)
by Besim
miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
by Besim
Waves Audio Service - Unquoted Service Path Privilege Escalation
by Ross Marks
BlueStacks 2.5.55 - Unquoted Service Path Privilege Escalation
by Th3GundY