Exploitdb Exploits

31,341 exploits tracked across all sources.

EIP-2026-106242 EXPLOITDB text
Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Enes Özeser
CVE-2021-44848 EXPLOITDB MEDIUM text
Cybelesoft Thinfinity Virtualui < 3.0 - Information Disclosure
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.
by Daniel Morales
CVSS 5.3
CVE-2021-45027 EXPLOITDB HIGH text
Softlinkint Oliver V5 Library - Download Without Integrity Check
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.
by Mandeep Singh
CVSS 7.5
CVE-2021-47755 EXPLOITDB HIGH text
Softlinkint Oliver V5 Library < 8.00.008.053 - Path Traversal
Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive files from the server's filesystem.
by Mandeep Singh
CVSS 7.5
CVE-2021-47747 EXPLOITDB HIGH text
meterN 1.2.3 - Authenticated RCE
meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges.
by LiquidWorm
CVSS 8.8
CVE-2021-47722 EXPLOITDB LOW text
Zucchetti Axess CLOKI Access Control 1.64 - CSRF
Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking authenticated users into loading the page.
by LiquidWorm
CVSS 3.5
CVE-2021-45334 EXPLOITDB CRITICAL text
Online Thesis Archiving System - SQL Injection
Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to the admin panel using SQL Injection.
by Yehia Elghaly
CVSS 9.8
EIP-2026-117497 EXPLOITDB text
Microsoft Internet Explorer / ActiveX Control - Security Bypass
by hyp3rlinx
EIP-2026-114131 EXPLOITDB text
WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting (XSS) (Authenticated)
by Mansi Singh
CVE-2021-45043 EXPLOITDB HIGH text
Hd-network Real-time Monitoring System - Path Traversal
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.
by Momen Eldawakhly
CVSS 7.5
CVE-2021-46013 EXPLOITDB CRITICAL text
Sourcecodester Free school management software 1.0 - RCE
An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "<?php system($_GET["cmd"]); ?>" gets uploaded it is saved into /uploads/exam_question/ directory, and is accessible by all users.
by fuzzyap1
CVSS 9.8
EIP-2026-107220 EXPLOITDB text
Free School Management Software 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)
by fuzzyap1
CVE-2021-47759 EXPLOITDB MEDIUM text
MTPutty 1.0.1.21 - Info Disclosure
MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH credentials.
by Sedat Ozdemir
CVSS 6.2
EIP-2026-112605 EXPLOITDB text
TestLink 1.19 - Arbitrary File Download (Unauthenticated)
by Gonzalo Villegas
CVE-2020-23935 EXPLOITDB CRITICAL text
Kabir Alhasan Student Management System 1.0 - Auth Bypass
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".
by Enes Özeser
CVSS 9.8
EIP-2026-106867 EXPLOITDB text
Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass
by able403
EIP-2026-106866 EXPLOITDB text
Employees Daily Task Management System 1.0 - 'multiple' Cross Site Scripting (XSS)
by able403
EIP-2026-117265 EXPLOITDB text
HCL Lotus Notes V12 - Unquoted Service Path
by Mert Daş
CVE-2021-44673 EXPLOITDB HIGH text
Croogo - Unrestricted File Upload
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script.
by Deha Berkin Bir
CVSS 8.8
EIP-2026-101166 EXPLOITDB text
Auerswald COMpact 8.0B - Privilege Escalation
by RedTeam Pentesting GmbH
CVE-2021-40859 EXPLOITDB CRITICAL text
Auerswald COMpact 5500R <8.0B - RCE
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices that allow attackers with access to the web-based management application full administrative access to the device.
by RedTeam Pentesting GmbH
CVSS 9.8
EIP-2026-101165 EXPLOITDB text
Auerswald COMpact 8.0B - Arbitrary File Disclosure
by RedTeam Pentesting GmbH
EIP-2026-101164 EXPLOITDB text
Auerswald COMfortel 2.8F - Authentication Bypass
by RedTeam Pentesting GmbH
EIP-2026-114064 EXPLOITDB text
WordPress Plugin Slider by Soliloquy 2.6.2 - 'title' Stored Cross Site Scripting (XSS) (Authenticated)
by Abdurrahman Erkan
CVE-2021-39316 EXPLOITDB HIGH text
Digitalzoomstudio Zoomsounds < 6.45 - Path Traversal
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
by Uriel Yochpaz
CVSS 7.5