Exploitdb Exploits
31,346 exploits tracked across all sources.
Saltos Rhinos - CSRF
RhinOS 3.0 build 1190 allows CSRF.
by Ihsan Sencan
CVSS 6.5
Pointofsales - SQL Injection
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
by Ihsan Sencan
CVSS 9.8
Tubigan Welcome to Our Resort - SQL Injection
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
by Ihsan Sencan
CVSS 9.8
MTGAS MOGG Web Simulator Script - SQL Injection
by Meisam Monsef
K-iwi - SQL Injection
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter.
by Ihsan Sencan
CVSS 9.8
Bsen Ordering Software - SQL Injection
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].
by Ihsan Sencan
CVSS 9.8
Curriculum Evaluation System - SQL Injection
Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.
by Ihsan Sencan
CVSS 9.8
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
by Ihsan Sencan
Bakeshop Inventory System - SQL Injection
Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.
by Ihsan Sencan
CVSS 9.8
Canonical Ubuntu Linux < 240 - Race Condition
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
by Google Security Research
CVSS 7.0
Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection
by Ihsan Sencan
Phptpoint Pharmacy Management System - SQL Injection
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.
by Boumediene KADDOUR
CVSS 9.8
Adult Filter 1.0 - Buffer Overflow
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.
by AkkuS
CVSS 7.8
Ardawan User Management - XSS
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI.
by Ismail Tasdelen
CVSS 5.4
ProjeQtOr 7.2.5 - RCE
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.
by AkkuS
CVSS 8.8
phptpoint Hospital Management System 1.0 - 'user' SQL injection
by Boumediene KADDOUR
Creativeitem Ekushey Project Manager - XSS
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.
by Ismail Tasdelen
CVSS 5.4