Exploitdb Exploits

31,346 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-14930 EXPLOITDB HIGH text
BT CTROMS Terminal OS Port Portal CT-464 - Info Disclosure
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.
by AkkuS
CVSS 8.1
EIP-2026-114559 EXPLOITDB text
YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting
by En_dust
CVE-2020-15468 EXPLOITDB CRITICAL text
Persian Vip Download Script - SQL Injection
Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter.
by Amir Hossein Vafifar
CVSS 9.8
EIP-2026-102429 EXPLOITDB text
Sysaid 20.1.11 b26 - Remote Command Execution
by Ahmed Sherif
CVE-2020-37111 EXPLOITDB MEDIUM text
60CycleCMS 2.5.2 - XSS
60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browsers. This issue does not involve SQL injection.
by Unkn0wn
CVSS 6.1
CVE-2020-37110 EXPLOITDB HIGH text
60CycleCMS 2.5.2 - SQL Injection
60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modify database contents. This issue does not involve cross-site scripting.
by Unkn0wn
CVSS 8.2
CVE-2020-10218 EXPLOITDB MEDIUM text
Sapplica Sentrifugo - SQL Injection
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.
by minhnb
CVSS 6.5
EIP-2026-103770 EXPLOITDB text
Counter Strike: GO - '.bsp' Memory Control (PoC)
by 0day enthusiast
CVE-2020-37055 EXPLOITDB HIGH text
SpyHunter 4 - Privilege Escalation
SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during service startup.
by Alejandro Reyes
CVSS 7.8
CVE-2020-37048 EXPLOITDB HIGH text
Iskysoft Application Framework Service 2.4.3.241 - Code Injection
Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions.
by Alejandro Reyes
CVSS 7.8
CVE-2020-37047 EXPLOITDB HIGH text
Deep Instinct Windows Agent 1.2.29.0 - Privilege Escalation
Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
by Oscar Flores
CVSS 7.8
EIP-2026-116821 EXPLOITDB text
ASUS GiftBox Desktop 1.1.1.127 - 'ASUSGiftBoxDesktop' Unquoted Service Path
by Oscar Flores
EIP-2026-112901 EXPLOITDB text
UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
by NgoAnhDuc
CVE-2020-37116 EXPLOITDB HIGH text
GUnet OpenEclass 1.7.3 - RCE
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise.
by emaragkos
CVSS 8.8
CVE-2020-37115 EXPLOITDB MEDIUM text
GUnet OpenEclass 1.7.3 - Info Disclosure
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.
by emaragkos
CVSS 6.5
CVE-2020-37114 EXPLOITDB MEDIUM text
GUnet OpenEclass 1.7.3 - Info Disclosure
GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.
by emaragkos
CVSS 4.3
CVE-2020-37113 EXPLOITDB HIGH text
GUnet OpenEclass 1.7.3 - Auth Bypass
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.
by emaragkos
CVSS 8.8
CVE-2020-37112 EXPLOITDB HIGH text
GUnet OpenEclass 1.7.3 - SQL Injection
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.
by emaragkos
CVSS 7.1
CVE-2020-8778 EXPLOITDB MEDIUM text
Alfresco <5.2.7 & <6.2.0 - XSS
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
by Alexandre ZANNI
CVSS 5.4
EIP-2026-101948 EXPLOITDB text
RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection
by Olga Villagran
EIP-2026-101947 EXPLOITDB text
RICOH Aficio SP 5200S Printer - 'entryNameIn' HTML Injection
by Paulina Girón
CVE-2020-8615 EXPLOITDB MEDIUM text
Tutor LMS <1.5.3 - CSRF
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
by Jinson Varghese Behanan
CVSS 6.5
CVE-2020-9038 EXPLOITDB MEDIUM text
Joplin < 1.0.184 - XSS
Joplin through 1.0.184 allows Arbitrary File Read via XSS.
by Javier Olmedo
CVSS 5.4
CVE-2019-19143 EXPLOITDB MEDIUM text
TP-LINK TL-WR849N <4.16 - DoS
TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI.
by Elber Tavares
CVSS 6.1
CVE-2019-19142 EXPLOITDB HIGH text
Intelbras WRN240 - DoS
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.
by Elber Tavares
CVSS 7.5
By Source
All 31,346 Exploitdb 50,135 Writeup 46,968 Nomisec 21,259 Metasploit 3,228 Github 2,444 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,959 python 5,832 c 3,570 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 87 go 47 postscript 25 xml 24