Text Exploits

31,386 exploits tracked across all sources.

CVE-2020-37173 EXPLOITDB HIGH text
AVideo Platform 8.1 - Info Disclosure
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.
by Ihsan Sencan
CVSS 7.5
CVE-2020-37172 EXPLOITDB MEDIUM text
AVideo Platform 8.1 - Cross-Site Request Forgery in Password Recovery Mechanism
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.
by Ihsan Sencan
CVSS 5.3
CVE-2020-37158 EXPLOITDB MEDIUM text
AVideo Platform 8.1 - Cross-Site Request Forgery via Password Recovery Mechanism
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.
by Ihsan Sencan
CVSS 5.3
EIP-2026-103006 EXPLOITDB text
Socat 1.7.3.4 - Heap-Based Overflow (PoC)
by hieubl
CVE-2019-18634 EXPLOITDB HIGH text
sudo 1.7.1-1.8.25 - Stack-based Buffer Overflow via pwfeedback
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
by Joe Vennix
CVSS 7.8
CVE-2020-8504 EXPLOITDB MEDIUM text
arox School Management Software PHP/mySQL < 2019-03-14 - Cross-Site Request Forgery via Add Admin Action
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.
by J3rryBl4nks
CVSS 6.5
CVE-2020-8512 EXPLOITDB MEDIUM text
IceWarp Webmail Server <11.4.4.1 - XSS
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
by Lutfu Mert Ceylan
CVSS 6.1
CVE-2020-8641 EXPLOITDB HIGH text
Lotus Core CMS 1.0.1 - Path Traversal
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.
by Daniel Monzón
CVSS 8.8
CVE-2019-25313 EXPLOITDB MEDIUM text
FlexNet Publisher 11.12.1 - Cross-Site Request Forgery to Add Local Admin
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a request that creates a new local admin account with a predefined password.
by Ismail Tasdelen
CVSS 4.0
EIP-2026-117571 EXPLOITDB text
Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution
by Eduardo Braun Prado
EIP-2026-119386 EXPLOITDB text
Kibana 6.6.1 - CSV Injection
by Aamir Rehman
CVE-2019-19032 EXPLOITDB HIGH text
XMLBlueprint <16.191112 - XML External Entity Injection
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload.
by Javier Olmedo
CVSS 8.1
CVE-2020-8425 EXPLOITDB MEDIUM text
Cups Easy (Purchase & Inventory) 1.0 - CSRF
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php.
by J3rryBl4nks
CVSS 6.5
EIP-2026-105780 EXPLOITDB text
Centreon 19.10.5 - 'Pollers' Remote Command Execution
by Omri Baso
EIP-2026-105778 EXPLOITDB text
Centreon 19.10.5 - 'centreontrapd' Remote Command Execution
by Fabien AUNAY
EIP-2026-102391 EXPLOITDB text
Liferay CE Portal 6.0.2 - Remote Command Execution
by Berk Dusunur
EIP-2026-101733 EXPLOITDB text
Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting
by LiquidWorm
CVE-2019-19740 EXPLOITDB CRITICAL text
Octeth Oempro 4.7-4.8 - SQL Injection via CampaignID Parameter
Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.
by Bruno de Barros Bulle
CVSS 9.8
EIP-2026-105783 EXPLOITDB text
Centreon 19.10.5 - Remote Command Execution
by Fabien AUNAY
EIP-2026-105782 EXPLOITDB text
Centreon 19.10.5 - Database Credentials Disclosure
by Fabien AUNAY
CVE-2020-7991 EXPLOITDB HIGH text VERIFIED
Adive Framework 2.0.8 - Cross-Site Request Forgery in Admin Config
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
by Sarthak Saini
CVSS 8.8
EIP-2026-103541 EXPLOITDB text VERIFIED
macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image
by Google Security Research
CVE-2020-6845 EXPLOITDB MEDIUM text
TopManage OLK 2020 - DOM-Based Cross-Site Scripting via Session Cookie
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack.
by Joel Aviad Ossi
CVSS 6.1
CVE-2020-6844 EXPLOITDB HIGH text
TopManage OLK 2020 - Cross-Site Request Forgery in Login
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to take over admin and user accounts.
by Joel Aviad Ossi
CVSS 8.8
EIP-2026-113372 EXPLOITDB text
Webtareas 2.0 - 'id' SQL Injection
by Greg.Priest