Exploitdb Exploits

31,341 exploits tracked across all sources.

CVE-2022-40319 EXPLOITDB HIGH text
Lsoft Listserv - IDOR
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account.
by Shaunt Der-Grigorian
CVSS 7.5
CVE-2023-53974 EXPLOITDB HIGH text
D-Link DSL-124 ME_1.00 - Info Disclosure
D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sensitive network credentials and system configurations.
by Aryan Chehreghani
CVSS 7.5
CVE-2023-54331 EXPLOITDB HIGH text
Outline 1.6.0 - Privilege Escalation
Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions.
by Milad karimi
CVSS 7.8
EIP-2026-118693 EXPLOITDB text
Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)
by M. Akil Gündoğan
EIP-2026-107676 EXPLOITDB text
Human Resource Management System 1.0 - SQL Injection (unauthenticated)
by Matthijs van der Vaart (eMVee)
EIP-2026-107574 EXPLOITDB text
Helmet Store Showroom v1.0 - SQL Injection
by Ameer Hamza
EIP-2026-105586 EXPLOITDB text
Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)
by Rajeshwar Singh
EIP-2026-102093 EXPLOITDB text
Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
by Bleron Rrustemi
CVE-2023-54333 EXPLOITDB HIGH text
Social-Share-Buttons 2.2.3 - SQL Injection
Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entire database contents.
by nu11secur1ty
CVSS 8.2
CVE-2023-54332 EXPLOITDB MEDIUM text
Automattic Jetpack - XSS
Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact with the contact form page.
by Behrouz Mansoori
CVSS 6.1
CVE-2021-47750 EXPLOITDB MEDIUM text
Youphptube < 7.8 - XSS
YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they access the signup page.
by Rafael Pedrero
CVSS 6.1
CVE-2021-47749 EXPLOITDB MEDIUM text
Youphptube < 7.8 - Path Traversal
YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the intended directory by using directory traversal sequences.
by Rafael Pedrero
CVSS 5.5
EIP-2026-117974 EXPLOITDB text
SugarSync 4.1.3 - 'SugarSync Service' Unquoted Service Path
by Jorge Manuel Lozano Gómez
EIP-2026-117266 EXPLOITDB text
HDD Health 4.2.0.112 - 'HDDHealth' Unquoted Service Path
by Jorge Manuel Lozano Gómez
EIP-2026-116508 EXPLOITDB text
VMware Workstation 15 Pro - Denial of Service
by Milad karimi
EIP-2026-116348 EXPLOITDB text
SuperMailer v11.20 - Buffer overflow DoS
by Rafael Pedrero
CVE-2022-36551 EXPLOITDB MEDIUM text
Heartex - Label Studio Community Edition <1.5.0 - SSRF
A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF.
by Ryan Smith
CVSS 6.5
EIP-2026-112468 EXPLOITDB text
Subrion CMS 4.2.1 - Stored Cross-Site Scripting (XSS)
by Sinem Şahin
EIP-2026-111977 EXPLOITDB text
Senayan Library Management System v9.5.0 - SQL Injection
by nu11secur1ty
EIP-2026-111816 EXPLOITDB text
rukovoditel 3.2.1 - Cross-Site Scripting (XSS)
by nu11secur1ty
EIP-2026-110182 EXPLOITDB text VERIFIED
Online shopping system advanced 1.0 - Multiple Vulnerabilities
by Rafael Pedrero
EIP-2026-109587 EXPLOITDB text
Moodle LMS 4.0 - Cross-Site Scripting (XSS)
by Saud Alenazi
EIP-2026-107708 EXPLOITDB text
iBooking v1.0.8 - Arbitrary File Upload
by d1z1n370/oPty
CVE-2022-3552 EXPLOITDB HIGH text VERIFIED
Boxbilling < 0.0.1 - Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.
by zetc0de
CVSS 7.2
EIP-2026-105436 EXPLOITDB text
Beauty-salon v1.0 - Remote Code Execution (RCE)
by nu11secur1ty