Exploitdb Exploits
4,724 exploits tracked across all sources.
OpenEMR <5.0.1.4 - Auth Bypass
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient.
by Ron Jost
CVSS 9.1
OpenEMR <5.0.1.4 - Code Injection
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
by Ron Jost
CVSS 8.8
GLPI <9.4.6 - Command Injection
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6.
by Brian Peters
CVSS 7.4
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
by Geovanni Ruiz
Notex the best notes 6.4 - Denial of Service (PoC)
by Geovanni Ruiz
WoWonder 3.0.4 - Code Injection
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.
by securityforeveryone.com
CVSS 9.8
Microsoft Sharepoint Foundation - SSRF
Microsoft SharePoint Server Spoofing Vulnerability
by Alex Birnberg
CVSS 7.6
OpenEMR <5.0.0 - Code Injection
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
by Ron Jost
CVSS 8.8
memono Notepad Version 4.2 - Denial of Service (PoC)
by Geovanni Ruiz
Sticky Notes Widget Version 3.0.6 - Denial of Service (PoC)
by Geovanni Ruiz
Grav - Missing Authorization
GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution.
by legend
CVSS 9.8
Nsasoft Nsauditor - Buffer Overflow
Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application crash.
by Erick Galindo
CVSS 7.5
Nsasoft Nbmonitor - Buffer Overflow
NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability.
by Erick Galindo
CVSS 7.5
Backup Key Recovery <2.2.7 - DoS
Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a large buffer of 256 repeated characters into the registration key field to trigger application instability and potential crash.
by Erick Galindo
CVSS 7.5
gVectors wpDiscuz <7.0.4 - RCE
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
by Fellipe Oliveira
CVSS 10.0
OptiLink ONT1GEW GPON <V2.1.11_X101 Build 1127.190306 - Command Inj...
An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The router’s web management interface fails to properly sanitize user input in the target_addr parameter of the formTracert and formPing administrative endpoints. An authenticated attacker can inject arbitrary operating system commands, which are executed with root privileges, leading to remote code execution. Successful exploitation enables full compromise of the device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
by SecNigma
IcoFX <2.5 - Buffer Overflow
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
by Austin Babcock
Grav < 1.7.11 - Code Injection
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11.
by enox
CVSS 8.4
Rocket.Chat <3.14 - SQL Injection
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
by enox
CVSS 9.8
Sticky Notes & Color Widgets 1.4.2 - Denial of Service (PoC)
by Geovanni Ruiz
Monstra CMS <3.0.4 - RCE
Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.
by Ron Jost
CVSS 8.8
By Source