Exploitdb Exploits
31,341 exploits tracked across all sources.
Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)
by Alok kumar
WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection
by Meryem Taşkın
WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - _Dashboard Redirect_ field Stored Cross-Site Scripting (XSS)
by Rachit Arora
perl2exe < V30.10C - RCE
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized access.
by decrazyo
dawa-pharma-1.0 - SQL Injection
dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access.
by nu11secur1ty
Zoo Management System v1.0 - File Upload
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
by Çağatay Ceyhan
CVSS 7.2
Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin
by Marcin Kozlowski
Automatic-Systems SOC FL9600 FastLine - Directory Transversal
by Marcin Kozlowski
TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution
by LiquidWorm
Puneethreddyhc Online Shopping System Advanced - SQL Injection
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.
by Furkan Gedik
CVSS 7.5
Simple Inventory Management System v1.0 - SQL Injection
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
by SoSPiro
CVSS 9.8
IBM i Access Client Solutions <1.1.2-1.1.4, <1.1.4.3-1.1.9.4 - Info...
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
by hyp3rlinx
CVSS 5.1
WyreStorm Apollo VX20 - Information Disclosure
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.
by hyp3rlinx
CVSS 9.1
Wyrestorm Apollo Vx20 Firmware < 1.3.58 - Information Disclosure
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts.
by hyp3rlinx
CVSS 7.5
Wyrestorm Apollo Vx20 Firmware < 1.3.58 - Improper Access Control
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.
by hyp3rlinx
CVSS 7.5
WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)
by Sagar Banwa
Microsoft Windows Defender Bypass - Detection Mitigation Bypass
by hyp3rlinx
By Source