Exploitdb Exploits

31,364 exploits tracked across all sources.

CVE-2018-1188 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x are affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1187 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 are affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1186 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-6940 EXPLOITDB MEDIUM text
Nat32 - CSRF
A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF.
by hyp3rlinx
CVSS 6.1
CVE-2018-6941 EXPLOITDB HIGH text
Nat32 - CSRF
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.
by hyp3rlinx
CVSS 8.8
EIP-2026-112934 EXPLOITDB text
userSpice 4.3 - Cross-Site Scripting
by Dolev Farhi
EIP-2026-112296 EXPLOITDB text
Social Oauth Login PHP - Authentication Bypass
by L0RD
EIP-2026-112280 EXPLOITDB text
SOA School Management - 'access_login' SQL Injection
by L0RD
CVE-2018-1213 EXPLOITDB HIGH text VERIFIED
Dell EMC Isilon OneFS < 7.2.1.6 - CSRF
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and versions 7.1.1.11 and 8.1.0.2 are affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
by Core Security
CVSS 8.8
CVE-2018-6928 EXPLOITDB CRITICAL text
News Website Script - SQL Injection
PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.
by Varun Bagaria
CVSS 9.8
CVE-2015-5112 EXPLOITDB text
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none
by smgorelik
CVE-2018-6889 EXPLOITDB HIGH text
Typesetter - Code Injection
An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability. Using this attack, a malicious user can poison the web cache, perform advanced password reset attacks, or even trigger arbitrary user redirection.
by Navina Asrani
CVSS 8.8
CVE-2019-25258 EXPLOITDB HIGH text
LogicalDOC Enterprise 7.7.4 - Info Disclosure
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to access sensitive system files like win.ini and /etc/passwd by manipulating path traversal sequences.
by LiquidWorm
CVSS 7.5
CVE-2019-25257 EXPLOITDB MEDIUM text
LogicalDOC Enterprise 7.7.4 - Command Injection
LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command, ocr.Tesseract.path, and other system paths to execute arbitrary system commands with elevated privileges.
by LiquidWorm
CVSS 6.5
EIP-2026-102396 EXPLOITDB text
LogicalDOC Enterprise 7.7.4 - User Enumeration
by LiquidWorm
EIP-2026-111700 EXPLOITDB text
Readymade Video Sharing Script 3.2 - 'search' SQL Injection
by Varun Bagaria
EIP-2026-110503 EXPLOITDB text
Paypal Clone Script 1.0.9 - 'id' / 'acctype' SQL Injection
by L0RD
EIP-2026-109838 EXPLOITDB text
Naukri Clone Script 3.0.3 - 'indus' SQL Injection
by L0RD
CVE-2018-6845 EXPLOITDB MEDIUM text
Olx Clone Script - XSS
PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field.
by Varun Bagaria
CVSS 6.1
EIP-2026-110189 EXPLOITDB text VERIFIED
Online Test Script 2.0.7 - 'cid' SQL Injection
by L0RD
EIP-2026-106890 EXPLOITDB text VERIFIED
Entrepreneur Dating Script 2.0.2 - Authentication Bypass
by L0RD
CVE-2017-13236 EXPLOITDB HIGH text VERIFIED
Google Android - Incorrect Permission Assignment
In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699.
by Google Security Research
CVSS 7.8
CVE-2017-14521 EXPLOITDB HIGH text VERIFIED
WonderCMS 2.3.1 - Code Injection
In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload.
by Samrat Das
CVSS 8.8
CVE-2017-14523 EXPLOITDB HIGH text
WonderCMS 2.3.1 - SSRF
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self-attack.
by Samrat Das
CVSS 7.5
EIP-2026-112452 EXPLOITDB text
Student Profile Management System Script 2.0.6 - Authentication Bypass
by L0RD