Exploitdb Exploits
31,341 exploits tracked across all sources.
Pega Platform - Code Injection
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.
by Marcin Wolak
CVSS 9.8
Zalando Skipper <0.13.236 - SSRF
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
by Hosein Vita
CVSS 9.8
Hashicorp Consul v1.0 - Remote Command Execution (RCE)
by GatoGamer1155
ZKTeco <8.88 - Info Disclosure
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210).
by RedTeam Pentesting GmbH
CVSS 7.5
Tp-link Tapo C310 Firmware - Hard-coded Credentials
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603.
by dsclee1
CVSS 7.5
ReQlogic v11.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.
by Okan Kurtulus
CVSS 6.1
Atom CMS 2.0 - SQL Injection
Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks.
by Hubert Wojciechowski
CVSS 7.5
WebTareas 2.4 - SQL Injection
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access sensitive system data.
by Hubert Wojciechowski
CVSS 7.5
WebTareas 2.4 - File Upload
WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file path.
by Hubert Wojciechowski
CVSS 8.8
MiniDVBLinux 5.4 - RCE
MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsend.sh script to execute messages and potentially control the video disk recorder remotely.
by LiquidWorm
CVSS 9.8
MiniDVBLinux 5.4 - Info Disclosure
MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tv_action.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg without authentication.
by LiquidWorm
CVSS 5.3
MiniDVBLinux 5.4 - Auth Bypass
MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.
by LiquidWorm
CVSS 9.8
MiniDVBLinux 5.4 - Info Disclosure
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to retrieve a complete system configuration archive containing sensitive credentials.
by LiquidWorm
CVSS 7.5
Webgrind < 1.1 - XSS
Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary JavaScript in victim's browsers by crafting malicious URLs.
by Rafael Pedrero
CVSS 6.1
Webgrind < 1.1 - OS Command Injection
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27' to execute commands on the target system.
by Rafael Pedrero
CVSS 9.8
Tftpd32 SE 4.60 - Code Injection
Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level permissions.
by Ismael Nava
CVSS 8.4
Sysax Multi Server - Denial of Service
Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality.
by Luis Martínez
CVSS 9.1
Mediconta 3.7.27 - Privilege Escalation
Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\medicont3\ to inject malicious code that would execute with LocalSystem permissions during service startup.
by Luis Martínez
CVSS 8.4
Extplorer < 2.1.14 - Missing Authentication
eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system.
by ErPaciocco
CVSS 9.8
Explorerplusplus Explorer++ - Out-of-Bounds Write
Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler (SEH) records that allows attackers to execute arbitrary code. Attackers can exploit the vulnerability by providing a long file name argument over 396 characters to corrupt the SEH chain and potentially execute malicious code.
by Rafael Pedrero
CVSS 9.8
Gestionale Open 12.00.00 - 'DB_GO_80' Unquoted Service Path
by Luis Martínez
By Source