Exploitdb Exploits

4,724 exploits tracked across all sources.

CVE-2020-36971 EXPLOITDB HIGH python
Nidesoft 3GP Video Converter <2.6.18 - Buffer Overflow
Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system.
by Felipe Winsnes
CVSS 8.4
EIP-2026-105717 EXPLOITDB python
Car Rental Management System 1.0 - SQL injection + Arbitrary File Upload
by Fortunato Lodari
CVE-2020-28328 EXPLOITDB HIGH python
Salesagility Suitecrm < 7.11.17 - Unrestricted File Upload
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
by M. Cory Billington
CVSS 8.8
CVE-2020-36972 EXPLOITDB HIGH python
SmartBlog 2.0.1 - SQL Injection
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare database information character by character.
by C0wnuts
CVSS 8.2
EIP-2026-111985 EXPLOITDB python
Sentrifugo Version 3.2 - 'announcements' Remote Code Execution (Authenticated)
by Fatih Çelik
EIP-2026-111982 EXPLOITDB python
Sentrifugo 3.2 - 'assets' Remote Code Execution (Authenticated)
by Fatih Çelik
EIP-2026-106037 EXPLOITDB python
CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)
by Fatih Çelik
CVE-2017-13772 EXPLOITDB HIGH python
Tp-link Wr940n Firmware - Memory Corruption
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.
by Patrik Lantz
CVSS 8.8
EIP-2026-112448 EXPLOITDB python
Student Attendance Management System 1.0 - 'username' SQL Injection / Remote Code Execution
by Mosaaed
EIP-2026-111930 EXPLOITDB python
School Log Management System 1.0 - 'username' SQL Injection / Remote Code Execution
by Mosaaed
CVE-2020-28872 EXPLOITDB CRITICAL python VERIFIED
Monitorr - Incorrect Authorization
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.
by Lyhin's Lab
CVSS 9.8
CVE-2020-28871 EXPLOITDB CRITICAL python VERIFIED
Monitorr - Unrestricted File Upload
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
by Lyhin's Lab
CVSS 9.8
EIP-2026-114049 EXPLOITDB python
WordPress Plugin Simple File List 4.2.2 - Arbitrary File Upload
by H4rk3nz0
EIP-2026-102354 EXPLOITDB python
Apache Flink 1.9.x - File Upload RCE (Unauthenticated)
by bigger.wing
EIP-2026-112081 EXPLOITDB python
Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution
by yunaranyancat
EIP-2026-104201 EXPLOITDB python
Citadel WebCit < 926 - Session Hijacking Exploit
by Simone Quatrini
EIP-2026-102433 EXPLOITDB python
WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request
by Mohammed Althibyani
CVE-2020-5791 EXPLOITDB HIGH python
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Execution
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
by Matthew Aberegg
CVSS 7.2
EIP-2026-102944 EXPLOITDB python
PackageKit < 1.1.13 - File Existence Disclosure
by Vaisha Bernard
EIP-2026-102779 EXPLOITDB python
aptdaemon < 1.1.1 - File Existence Disclosure
by Vaisha Bernard
EIP-2026-112381 EXPLOITDB python
Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated)
by Gurkirat Singh
CVE-2019-15813 EXPLOITDB HIGH python
Sentrifugo 3.2 - RCE
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.
by Gurkirat Singh
CVSS 8.8
EIP-2026-101294 EXPLOITDB python
GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse
by LiquidWorm
CVE-2020-28870 EXPLOITDB CRITICAL python VERIFIED
Inoideas Inoerp - Code Injection
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.
by Lyhin's Lab
CVSS 9.8
CVE-2017-16783 EXPLOITDB CRITICAL python
CMS Made Simple <2.1.6 - SSRF
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
by Gurkirat Singh
CVSS 9.8