Exploitdb Exploits
50,076 exploits tracked across all sources.
ASUS ASMB8-iKVM Firmware <= 1.14.51 - Remote Code Execution via SNMP Extension Creation
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.
by ub3rsick
CVSS 9.8
makeplane plane 0.23.1 - Server-Side Request Forgery via Password Recovery
Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery.
by Saud Alenazi
CVSS 9.1
Alkacon OpenCMS 17.0 - Stored Cross-Site Scripting via Author Parameter
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function.
by Siddhartha Naik
CVSS 5.4
pymatgen < 2024.2.20 - Remote Code Execution via JonesFaithfulTransformation.from_transformation_str()
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.
by Mohammed Idrees Banyamer
CVSS 9.3
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
by Antonio Francesco Sardella
CVSS 9.8
XWiki 11.8-15.10.7 - Stored Cross-Site Scripting via Edit Conflict
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1.
by Siddhartha Naik
CVSS 9.0
Cacti Import Packages RCE
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.
by D3Ext
CVSS 9.1
ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning
by LiquidWorm
ABB ASPECT, NEXUS, and MATRIX Firmware < 3.08.03 - Denial of Service
Denial of Service vulnerabilities where found providing a potiential for device service disruptions.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
by LiquidWorm
CVSS 7.7
IBM i 7.3, 7.4, and 7.5 - Server-Side Request Forgery
IBM i 7.3, 7.4, and 7.5
is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
by hyp3rlinx
CVSS 5.4
IBM i 7.3-7.5 - Authenticated Authentication Bypass via Navigator for i Interface
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.
by hyp3rlinx
CVSS 4.3
Adapt Learning Adapt Authoring Tool <= 0.11.3 - SQL Injection
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in Mongoose's find() function. This makes it possible for attackers to perform a full takeover of the administrator account. Attackers can then use the newly gained administrative privileges to upload a custom plugin to perform remote code execution (RCE) on the server hosting the web application.
by Eui Chul Chung
CVSS 9.8
ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS
by LiquidWorm
Ivanti Connect Secure <22.7R2.5 - RCE
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
by Abdualhadi khalifa
CVSS 9.0
ABB ASPECT Enterprise, NEXUS Series, MATRIX Series <3.08.02 - Credentials Disclosure
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
by LiquidWorm
CVSS 7.5
ABB ASPECT/Enterprise/NEXUS/MATRIX Firmware < 3.08.03 - Remote Code Execution
Improper Input Validation vulnerability allows Remote Code Execution.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
by LiquidWorm
CVSS 10.0
ABB ASPECT Enterprise and NEXUS/MATRIX Series < 3.08.03 - Cross-Site Scripting
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
by LiquidWorm
CVSS 9.0
ABB ASPECT Enterprise and NEXUS/MATRIX Series < 3.08.03 - Cross-Site Scripting
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
by LiquidWorm
CVSS 9.0
ABB ASPECT Enterprise and NEXUS/MATRIX Series < 3.08.03 - Cross-Site Scripting
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
by LiquidWorm
CVSS 9.0
ABB ASPECT, NEXUS, and MATRIX Series <3.07.02 - Weak Password Reset Rules
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.
Affected products:
ABB ASPECT - Enterprise v3.07.02;
NEXUS Series v3.07.02;
MATRIX Series v3.07.02
by LiquidWorm
CVSS 9.4
common-user-management - Profile Picture Upload Remote Code Execution
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).
by d3sca
NAPC Xinet Elegant 6.1.655 - SQL Injection
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.
by hyp3rlinx
CVSS 9.8
Silverstripe asset-admin < 5.3.8 - oEmbed Cross-Site Scripting
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability.
by James Nicoll
CVSS 5.4
By Source