Exploitdb Exploits
31,341 exploits tracked across all sources.
Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated)
by Alperen Ergel
Judging Management System v1.0 - Authentication Bypass
by Angelo Pio Amirante
Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated)
by Alperen Ergel
EQ < 2.2.0 - SQL Injection
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.
by TLF
CVSS 9.8
myBB Forums 1.8.26 - XSS
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the announcement title field when adding announcements through the 'Forums and Posts' > 'Forum Announcements' interface, causing arbitrary JavaScript to execute when the announcement is displayed on the forum.
by Andrey Stoykov
CVSS 5.4
myBB Forums 1.8.26 - XSS
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated administrators to inject malicious scripts when creating new forums. Attackers can exploit this vulnerability by inserting script payloads in the forum title field when adding new forums through the 'Forums and Posts' > 'Forum Management' interface, causing arbitrary JavaScript to execute when the forum listing is viewed.
by Andrey Stoykov
CVSS 5.4
myBB Forums 1.8.26 - XSS
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title field when adding new templates through the 'Templates and Style' > 'Templates' > 'Manage Templates' > 'Global Templates' interface, causing arbitrary JavaScript to execute when the template is viewed.
by Andrey Stoykov
CVSS 5.4
Zillya Total Security 3.0.2367.0 - Privilege Escalation
Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quarantined files to restricted directories, potentially enabling system-level access through techniques like DLL hijacking.
by M. Akil Gündoğan
CVSS 8.4
Eve-ng - XSS
A vulnerability was found in EVE-NG 5.0.1-13 and classified as problematic. Affected by this issue is some unknown functionality of the component Lab Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256442 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by @casp3r0x0 hassan ali al-khafaji
CVSS 2.4
4images 1.9 - Authenticated RCE
4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php endpoint with a crafted cat_id parameter.
by Andrey Stoykov
CVSS 7.2
WPForms 1.7.8 - XSS
WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser.
by Milad karimi
CVSS 6.1
Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path
by P4p4 M4n3
Virtualreception Digital Reciptie - Path Traversal
Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request.
by Spinae
CVSS 7.5
Rejected
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2022-42245. Reason: This record is a duplicate of CVE-2022-42245. Notes: All CVE users should reference CVE-2022-42245 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
by lvren
Lsoft Listserv - XSS
A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter.
by Shaunt Der-Grigorian
CVSS 6.1
By Source