Exploitdb Exploits

4,726 exploits tracked across all sources.

CVE-2024-44000 EXPLOITDB CRITICAL python
Litespeedtech Litespeed Cache - Insufficiently Protected Credentials
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass. This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.
by Caner Tercan
CVSS 9.8
CVE-2024-8945 EXPLOITDB MEDIUM python
Fairsketch Rise Ultimate Project Manager - SQL Injection
A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
by Jobyer From Bytium
CVSS 5.5
CVE-2024-4956 EXPLOITDB HIGH python
Sonatype Nexus Repository <3.68.1 - Path Traversal
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
by VeryLazyTech
CVSS 7.5
CVE-2024-4358 EXPLOITDB CRITICAL python
Telerik Report Server Auth Bypass and Deserialization RCE
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
by VeryLazyTech
CVSS 9.8
CVE-2023-1545 EXPLOITDB HIGH python
nilsteampassnet/teampass <3.0.0.23 - SQL Injection
SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
by Max Meyer - Rivendell
CVSS 7.5
CVE-2023-0159 EXPLOITDB HIGH python
Extensive VC Addons for WPBakery <1.9.1 - Info Disclosure
The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the PHP extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the host's file system. This may be escalated to RCE using PHP filter chains.
by Ravina
CVSS 7.5
CVE-2023-4220 EXPLOITDB HIGH python
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Unrestricted file upload in the big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution by uploading a web shell.
by Mohamed Kamel BOUZEKRIA
CVSS 8.1
EIP-2026-112350 EXPLOITDB python
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
by cybersploit
EIP-2026-116551 EXPLOITDB python
Windows TCP/IP - RCE Checker and Denial of Service
by Photubias
EIP-2026-114681 EXPLOITDB python
Invesalius3 - Remote Code Execution
by Alessio Romano (sfoffo), Riccardo Degli Esposti (partywave)
EIP-2026-103262 EXPLOITDB python
Aurba 501 - Authenticated RCE
by Hosein Vita
EIP-2026-101789 EXPLOITDB python
HughesNet HT2000W Satellite Modem - Password Reset
by Simon Greenblatt
CVE-2024-40422 EXPLOITDB CRITICAL python
stitionai devika v1 - Path Traversal
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.
by Alperen Ergel
CVSS 9.1
EIP-2026-104287 EXPLOITDB python
Ivanti vADC 9.9 - Authentication Bypass
by ohnoisploited
EIP-2026-111445 EXPLOITDB python
Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
by Jerry Thomas
CVE-2024-28999 EXPLOITDB MEDIUM python
Solarwinds Platform < 2024.2 - Race Condition
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.
by Elhussain Fathy
CVSS 6.4
EIP-2026-110635 EXPLOITDB python
PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
by Yesith Alvarez
CVE-2024-58283 EXPLOITDB HIGH python
Wbce Cms - Unrestricted File Upload
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.
by Ahmet Ümit BAYRAM
CVSS 8.8
CVE-2024-58282 EXPLOITDB HIGH python
S9Y Serendipity - Unrestricted File Upload
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.
by Ahmet Ümit BAYRAM
CVSS 7.2
CVE-2024-58281 EXPLOITDB HIGH python
Dotclear - Unrestricted File Upload
Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through the uploaded file.
by Ahmet Ümit BAYRAM
CVSS 8.8
CVE-2024-58279 EXPLOITDB HIGH python
Apprain - Unrestricted File Upload
appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory.
by Ahmet Ümit BAYRAM
CVSS 8.8
EIP-2026-109571 EXPLOITDB python
Monstra CMS 3.0.4 - Remote Code Execution (RCE)
by Ahmet Ümit BAYRAM
CVE-2025-25037 EXPLOITDB CRITICAL python
Aquatronica Controller System <= 5.1.6 - Information Disclosure
An information disclosure vulnerability exists in Aquatronica Controller System firmware versions <= 5.1.6 and web interface versions <= 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration data, including plaintext administrative credentials. Exploitation of this flaw can lead to full compromise of the system, enabling unauthorized manipulation of connected devices and aquarium parameters.
by LiquidWorm
EIP-2026-104196 EXPLOITDB python
changedetection < 0.45.20 - Remote Code Execution (RCE)
by Zach Crosman (zcrosman)
EIP-2026-101583 EXPLOITDB python
Check Point Security Gateway - Information Disclosure (Unauthenticated)
by Yesith Alvarez