Exploitdb Exploits
31,364 exploits tracked across all sources.
Monstra Cms < 3.0.4 - XSS
Monstra CMS 3.0.4 and earlier has XSS via index.php.
by Berk Dusunur
CVSS 6.1
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
by L0RD
Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure
by Richard Alviarez
SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion
by Richard Alviarez
Nanopool Claymore Dual Miner <7.3 - RCE
Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled.
by ReverseBrain
CVSS 7.5
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass
by L0RD
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass
by L0RD
Schneider Electric - CSRF
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.
by t4rkd3vilz
CVSS 8.8
Horse Market Sell & Rent Portal - CSRF
Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely.
by L0RD
CVSS 6.5
Admin Notes - CSRF
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.
by 0xB9
CVSS 6.5
Rockwellautomation Compactlogix 1769-l16er-bb1b Firmware - XSS
Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by t4rkd3vilz
CVSS 6.1
Windows - Privilege Escalation
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.0
Virtuemart < 3.2.14 - XSS
An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.
by Mattia Furlani
CVSS 5.4
Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting
by L0RD
RSA Authentication Manager < 8.3 - XXE
RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application.
by SEC Consult
CVSS 7.1
XATABoost CMS 1.0.0 SQL Injection via news.php
XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database information.
by MgThuraMoeMyint
CVSS 8.2
WUZHI CMS 4.1.0 - XSS
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
by jiguang
CVSS 6.1
WUZHI CMS 4.1.0 - XSS
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
by jiguang
CVSS 5.4
Open-audit - XSS
Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI).
by Tejesh Kolisetty
CVSS 5.4
Open-AudIT Community 2.2.0 - XSS
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.
by Tejesh Kolisetty
CVSS 5.4
EMC RecoverPoint <5.1.1, 5.0.1.3 - Command Injection
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.
by Paul Taylor
CVSS 6.7
By Source