Exploitdb Exploits
31,329 exploits tracked across all sources.
Intelbras Wireless N 150Mbps router WRN 240 - XSS
XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command.
by Elber Tavares
CVSS 6.1
Ultimate HR System < 1.2 - Directory Traversal / Cross-Site Scripting
by 8bitsec
FiberHome User End Router AN1020-25 - Info Disclosure
An issue was discovered on FiberHome User End Routers bearing model number AN1020-25 that could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi and executing it. Due to improper authentication on this page, the software accepts the request, allowing an attacker to reset the router to its default configuration, which could later allow the attacker to log in to the router using the default username/password.
by Ibad Shah
CVSS 9.8
Mongoose Web Server <6.9 - CSRF
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely.
by hyp3rlinx
CVSS 8.8
A2billing 2.x - Backup File Download / Remote Code Execution
by 0x4148
Wibu Codemeter < 6.50a - XSS
Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.
by Vulnerability-Lab
CVSS 5.4
RubyGems <2.6.12 - Code Injection
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
by mame
CVSS 7.5
Twsz Wifi Repeater Firmware - OS Command Injection
T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg.
by Hay Mizrachi
CVSS 8.8
Joomla! Component Survey Force Deluxe 3.2.4 - 'invite' SQL Injection
by Ihsan Sencan
IBM Domino - Access Control
Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.
by ParagonSec
WordPress <1.7.5.10 - XSS
The Participants Database plugin before 1.7.5.10 for WordPress has XSS.
by Benjamin Lim
CVSS 6.1
Uclouvain Openjpeg < 2.1.2 - Memory Corruption
Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.
by Ke Liu
CVSS 6.5