Exploitdb Exploits

11 exploits tracked across all sources.

Sort: Newest Stars
CVE-2024-35540 EXPLOITDB CRITICAL go
Typecho < 1.2.1 - XSS
A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
by cyberaz0r
CVSS 9.0
CVE-2024-35539 EXPLOITDB MEDIUM go
Typecho - Authentication Bypass by Spoofing
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently.
by cyberaz0r
CVSS 6.5
CVE-2023-0777 EXPLOITDB CRITICAL go
Modoboa < 2.0.4 - Authentication Bypass
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.
by 7h3h4ckv157
CVSS 9.8
CVE-2022-44877 EXPLOITDB CRITICAL go
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
by Mayank Deshmukh
CVSS 9.8
CVE-2022-24124 EXPLOITDB HIGH go
Casdoor <1.13.1 - SQL Injection
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
by Mayank Deshmukh
CVSS 7.5
CVE-2021-29156 EXPLOITDB HIGH go
Forgerock Openam < 13.5.1 - Injection
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.
by Charlton Trezevant
CVSS 7.5
CVE-2020-15492 EXPLOITDB CRITICAL go
Inneo Startup Tools < 13.0.70.3804 - Path Traversal
An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe web application (served on TCP port 85) includes user input into a filesystem access without any further validation. This might allow an unauthenticated attacker to read files on the server via Directory Traversal, or possibly have unspecified other impact.
by Patrick Hener
CVSS 9.8
CVE-2020-8515 EXPLOITDB CRITICAL go
DrayTek - RCE
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
by 0xsha
CVSS 9.8
EIP-2026-102510 EXPLOITDB go
NetGain EM Plus 10.1.68 - Remote Command Execution
by azams
EIP-2026-101848 EXPLOITDB go
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
by Maxim Yefimenko
CVE-2014-8652 EXPLOITDB go
Elipse E3 <3 - DoS
Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681.
by firebitsbr
By Source
All 11 Exploitdb 50,196 Writeup 43,060 Nomisec 19,721 Metasploit 3,028 Github 2,086 Vulncheck_xdb 887 Inthewild 518 Gitlab 431 Gitee 415 Patchapalooza 312
By Language
text 31,307 ruby 5,759 python 5,758 c 3,536 perl 2,854 html 2,051 php 1,332 bash 459 java 359 javascript 255 c++ 242 shell 54 go 38 postscript 25 xml 24