Exploitdb Exploits
50,076 exploits tracked across all sources.
RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC
by LiquidWorm
Typora 1.7.4 - OS Command Injection via PDF Export Preferences
Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into the 'run command' input field during PDF export to achieve remote code execution.
by Ahmet Ümit BAYRAM
CVSS 9.8
WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored and executed in the browsers of users viewing the affected playlist pages.
by Furkan Karaarslan
CVSS 7.2
Atcom 100M IP Phones <2.7.x.x - Command Injection
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in web_cgi_main.cgi, enabling remote code execution with administrative credentials.
by Mohammed Adel
CVSS 8.8
WebIGniter 28.7.23 - Authenticated Remote Code Execution via Media File Upload
WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server.
by nu11secur1ty
Coppermine Gallery 1.6.25 - Authenticated RCE
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.
by Mirabbas Ağalarov
CVSS 8.8
Tinycontrol LAN Controller v3 LK3 <1.58a - Info Disclosure
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication.
by LiquidWorm
Tinycontrol LAN Controller <1.58a - DoS
Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss.
by LiquidWorm
Tinycontrol LAN Controller < 1.58a - Unauthenticated Authentication Bypass via /stm.cgi Endpoint
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls and modify administrative credentials.
by LiquidWorm
CVSS 9.8
Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)
by Moein Shahabi
MasterStudy LMS <3.0.18 - Info Disclosure
The MasterStudy LMS WordPress plugin before 3.0.18 does not have proper checks in place during registration, allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
by Revan Arifio
CVSS 7.5
Online ID Generator 1.0 - Remote Code Execution (RCE)
by nu11secur1ty
Media Library Assistant <3.09 - RCE
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible.
by Florent MONTEL
CVSS 9.8