Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-109149 EXPLOITDB text
Limo Booking Software v1.0 - CORS
by nu11secur1ty
CVE-2020-11060 EXPLOITDB HIGH python
GLPI < 9.4.6 - Authenticated Remote Code Execution via Backup Functionality
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6.
by Brian Peters
CVSS 7.4
CVE-2023-4708 EXPLOITDB MEDIUM text
Clcknshop 1.0.0 - SQL Injection via GET Parameter Handler
A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to SQL injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-238571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by CraCkEr
CVSS 6.3
CVE-2023-39362 EXPLOITDB HIGH text
Cacti < 1.2.25 - Authenticated Remote Code Execution via SNMP Device Options
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device to perform command injection and obtain remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions with similar behavior that take some variables as input and place them into an `exec` call without proper escaping or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
by Antonio Francesco Sardella
CVSS 7.2
CVE-2023-38836 EXPLOITDB HIGH python
BoidCMS Command Injection
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
by 1337kid
CVSS 8.8
CVE-2023-32707 EXPLOITDB HIGH python
Splunk Enterprise <9.0.5 - Privilege Escalation
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
by Redway Security
CVSS 8.8
EIP-2026-103603 EXPLOITDB text
OpenPLC WebServer 3 - Denial of Service
by Kai Feng
EIP-2026-101424 EXPLOITDB text
Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)
by Riyan Firmansyah of Seclab
CVE-2022-35919 EXPLOITDB HIGH python
MinIO < 2022-07-29T19-40-48Z - Path Traversal via ServerUpdate API
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions, all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error whose response returns the content of the requested path. Any normal OS would allow access to the contents of any arbitrary path readable by the MinIO process. Users are advised to upgrade. Users unable to upgrade may disable the ServerUpdate API by denying the `admin:ServerUpdate` action for their admin users via IAM policies.
by Jenson Zhao
CVSS 7.4
CVE-2023-53875 EXPLOITDB HIGH python
GOM Player 2.3.90.5360 - Remote Code Execution via Internet Explorer Component
GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.
by M. Akil Gündoğan
CVSS 8.8
CVE-2023-53874 EXPLOITDB CRITICAL python
GOM Player <2.3.90.5360 - Buffer Overflow
GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability.
by Ahmet Ümit BAYRAM
CVSS 9.8
CVE-2023-53873 EXPLOITDB HIGH python
SyncBreeze 15.2.24 - Denial of Service via Login Endpoint Password Parameter Overflow
SyncBreeze 15.2.24 contains a denial of service vulnerability in the login authentication mechanism that allows attackers to crash the service. Attackers can send an oversized password parameter with repeated 'password=' values to overwhelm the login endpoint and potentially disrupt service availability.
by mohamed youssef
CVE-2023-53872 EXPLOITDB CRITICAL python
Wp2Fac 1.0 - OS Command Injection via send.php numara Parameter
Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code.
by Ahmet Ümit BAYRAM
CVE-2023-53871 EXPLOITDB CRITICAL text
Soosyze 2.0.0 - Unrestricted Upload of File with Dangerous Type via Broken Upload Logic
Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server.
by nu11secur1ty
CVSS 9.8
CVE-2023-53870 EXPLOITDB MEDIUM text
Jorani 1.0.3 - Reflected Cross-Site Scripting via Language Parameter
Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information.
by nu11secur1ty
CVE-2022-4953 EXPLOITDB MEDIUM text
Elementor Website Builder <3.5.5 - XSS
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.
by Miguel Santareno
CVSS 6.1
CVE-2023-4548 EXPLOITDB MEDIUM text
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to SQL injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059.
by CraCkEr
CVSS 6.3
EIP-2026-106580 EXPLOITDB text
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction
by nu11secur1ty
CVE-2022-31470 EXPLOITDB MEDIUM text
Axigen Mobile WebMail <10.2.3.12 & <10.3.3.47 - XSS
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.
by AmirZargham
CVSS 6.1
CVE-2023-34723 EXPLOITDB HIGH python
TechView LA-5570 Wireless Gateway 1.0.19_T53 - Sensitive Information Exposure via /config/system.conf
An issue in TechView LA-5570 Wireless Gateway 1.0.19_T53 allows attackers to gain sensitive information via /config/system.conf.
by The Security Team [exploitsecurity.io]
CVSS 7.5
CVE-2025-57227 EXPLOITDB HIGH text
Kingo ROOT <1.5.8.3353 - Privilege Escalation
An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to escalate privileges via placing a crafted executable file into a parent folder.
by Anish Feroz
CVSS 7.8
CVE-2023-53879 EXPLOITDB MEDIUM text
NVClient 5.0 - Stack-based Buffer Overflow via User Configuration Contact Field
NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition.
by Ahmet Ümit BAYRAM
CVSS 5.5
CVE-2023-53878 EXPLOITDB MEDIUM text
Member Login Script 3.3 - HTTP Request Smuggling via Content-Length Header Parsing
Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request processing controls.
by nu11secur1ty
CVE-2023-53877 EXPLOITDB CRITICAL text
Bus Reservation System 1.1 - SQL Injection
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database.
by nu11secur1ty
CVSS 9.8
CVE-2023-53876 EXPLOITDB MEDIUM text
Academy LMS 6.1 - Authenticated Stored Cross-Site Scripting via Profile Avatar Upload
Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable JavaScript code.
by CraCkEr
CVSS 5.4