Exploitdb Exploits

4,726 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-33829 EXPLOITDB MEDIUM python
Cloudogu GmbH SCM Manager <1.60 - XSS
A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.
by neg0x
CVSS 5.4
CVE-2023-53970 EXPLOITDB HIGH python
Screen SFT DAB 600/C Firmware 1.9.3 - Auth Bypass
Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafted POST requests with manipulated session parameters.
by LiquidWorm
CVSS 7.5
CVE-2023-53969 EXPLOITDB HIGH python
Screen SFT DAB 600/C firmware <1.9.3 - Auth Bypass
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication.
by LiquidWorm
CVSS 7.5
CVE-2023-53968 EXPLOITDB CRITICAL python
Screen SFT DAB 600/C Firmware 1.9.3 - Auth Bypass
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication.
by LiquidWorm
CVSS 9.8
CVE-2023-53967 EXPLOITDB HIGH python
Screen SFT DAB 600/C 1.9.3 - Auth Bypass
Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password to directly modify the admin account's authentication.
by LiquidWorm
CVSS 7.5
CVE-2023-53776 EXPLOITDB HIGH python
Screen SFT DAB 1.9.3 - Auth Bypass
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter.
by LiquidWorm
CVSS 8.8
CVE-2023-53775 EXPLOITDB MEDIUM python
Screen SFT DAB 1.9.3 - Auth Bypass
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.
by LiquidWorm
CVSS 6.5
CVE-2023-53741 EXPLOITDB HIGH python
Screen SFT DAB 1.9.3 - Auth Bypass
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
by LiquidWorm
CVSS 8.1
CVE-2023-53740 EXPLOITDB CRITICAL python
Screen SFT DAB 1.9.3 - Auth Bypass
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.
by LiquidWorm
CVSS 9.8
CVE-2022-41544 EXPLOITDB CRITICAL python VERIFIED
GetSimple CMS <3.3.16 - RCE
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.
by Youssef Muhammad
CVSS 9.8
EIP-2026-105453 EXPLOITDB python VERIFIED
Best POS Management System v1.0 - Unauthenticated Remote Code Execution
by Mesut Cetin
CVE-2023-27350 EXPLOITDB CRITICAL python
Papercut MF < 20.1.7 - Improper Access Control
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
by MaanVader
CVSS 9.8
CVE-2023-27524 EXPLOITDB HIGH python
Apache Superset Signed Cookie Priv Esc
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database. Add a strong SECRET_KEY to your `superset_config.py` file like: SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY> Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.
by MaanVader
CVSS 8.9
EIP-2026-101436 EXPLOITDB python
Screen SFT DAB 600/C - Authentication Bypass Account Creation
by LiquidWorm
CVE-2022-2591 EXPLOITDB HIGH python
TEM FLEX-1085 1.6.0 - DoS
A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by Mr Empy
CVSS 7.5
CVE-2023-53942 EXPLOITDB HIGH python
Thingie 2.5.7 - Command Injection
File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with a command parameter.
by Maurice Fielenbach
CVSS 8.8
CVE-2023-53923 EXPLOITDB CRITICAL python
UliCMS 2023.1 - Privilege Escalation
UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with full system access.
by Mirabbas Ağalarov
CVSS 9.8
CVE-2023-2246 EXPLOITDB MEDIUM python VERIFIED
Online Pizza Ordering System - Unrestricted File Upload
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236.
by URGAN
CVSS 6.3
CVE-2023-53943 EXPLOITDB MEDIUM python
GLPI 9.5.7 - Info Disclosure
GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.
by Rafael B.
CVSS 5.3
EIP-2026-110300 EXPLOITDB python
OpenEMR v7.0.1 - Authentication credentials brute force
by abhhi (Abhishek Birdawade)
CVE-2023-30350 EXPLOITDB HIGH python
FS S3900-24T4S - Privilege Escalation
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password.
by Daniele Linguaglossa
CVSS 8.8
EIP-2026-109633 EXPLOITDB python
Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution
by Or4nG.M4N
EIP-2026-109332 EXPLOITDB python
Mars Stealer 8.3 - Admin Account Takeover
by Sköll
CVE-2022-4944 EXPLOITDB MEDIUM python
Kodcloud Kodexplorer < 4.49 - CSRF
A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000.
by Mr Empy
CVSS 4.3
CVE-2023-27350 EXPLOITDB CRITICAL python
Papercut MF < 20.1.7 - Improper Access Control
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
by MaanVader
CVSS 9.8
By Source
All 4,726 Exploitdb 50,123 Writeup 46,610 Nomisec 21,121 Metasploit 3,189 Github 2,231 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,731 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 259 c++ 245 shell 68 go 41 postscript 25 xml 24