Exploitdb Exploits

31,341 exploits tracked across all sources.

EIP-2026-111535 EXPLOITDB text
Projectsend r1295 - 'name' Stored XSS
by Abdullah Kala
CVE-2021-47719 EXPLOITDB HIGH text
COMMAX WebViewer ActiveX Control 2.1.4.5 - Buffer Overflow
COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit boundary errors in Commax_WebViewer.ocx to cause buffer overflow conditions and potentially gain code execution.
by LiquidWorm
CVE-2021-47705 EXPLOITDB HIGH text
COMMAX UMS Client ActiveX Control 1.7.0.2 - Buffer Overflow
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNC_Ctrl.dll to cause heap corruption and potentially gain system-level access.
by LiquidWorm
EIP-2026-104408 EXPLOITDB text
ProcessMaker 3.5.4 - Local File inclusion
by Ai Ho
EIP-2026-112126 EXPLOITDB text
Simple Phone Book 1.0 - 'Username' SQL Injection (Unauthenticated)
by Justin White
EIP-2026-110193 EXPLOITDB text
Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated)
by Justin White
EIP-2026-109073 EXPLOITDB text
Laundry Booking Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Azumah Foresight Xorlali
EIP-2026-109072 EXPLOITDB text
Laundry Booking Management System 1.0 - 'Multiple' SQL Injection
by Azumah Foresight Xorlali
EIP-2026-105814 EXPLOITDB text
Charity Management System CMS 1.0 - Multiple Vulnerabilities
by Davide Taraschi
EIP-2026-106238 EXPLOITDB text
Crime records Management System 1.0 - 'Multiple' SQL Injection (Authenticated)
by Davide Taraschi
EIP-2026-106198 EXPLOITDB text
COVID19 Testing Management System 1.0 - 'Multiple' SQL Injections
by Halit AKAYDIN
CVE-2021-47795 EXPLOITDB MEDIUM text
GeoVision GeoWebServer 5.3.3 - RCE
GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts.
by Ken Pyle
CVSS 6.2
CVE-2020-5147 EXPLOITDB MEDIUM text
SonicWall NetExtender <10.2.300 - Privilege Escalation
The SonicWall NetExtender Windows client is vulnerable to an unquoted service path vulnerability, which allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impacts SonicWall NetExtender Windows client version 10.2.300 and earlier.
by shinnai
CVSS 5.3
CVE-2021-38840 EXPLOITDB CRITICAL text
Simple Water Refilling Station Management System 1.0 - SQL Injection
SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter.
by Matt Sorrell
CVSS 9.8
CVE-2021-47710 EXPLOITDB HIGH text
COMMAX Smart Home System - Info Disclosure
COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request to this endpoint.
by LiquidWorm
CVE-2021-47709 EXPLOITDB HIGH text
COMMAX Smart Home System - DoS
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint.
by LiquidWorm
CVE-2021-47708 EXPLOITDB CRITICAL text
COMMAX Smart Home System CDP-1020n - SQL Injection
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access.
by LiquidWorm
CVE-2021-47707 EXPLOITDB CRITICAL text
COMMAX CVD-Axx DVR 5.1.4 - Info Disclosure
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose the RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.
by LiquidWorm
CVE-2021-47706 EXPLOITDB HIGH text
COMMAX Biometric Access Control System 1.0.0 - Auth Bypass
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information.
by LiquidWorm
EIP-2026-103267 EXPLOITDB text
CentOS Web Panel 0.9.8.1081 - Stored Cross-Site Scripting (XSS)
by Dinesh Mohanty
EIP-2026-101857 EXPLOITDB text
NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)
by Securityium
CVE-2021-36352 EXPLOITDB MEDIUM text
Care2x Hospital Information Management 2.7 Alpha - XSS
Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability was found in POST requests to the /modules/registration_admission/patient_register.php page with the "name_middle", "addr_str", "station", "name_maiden", "name_2", and "name_3" parameters.
by securityforeveryone.com
CVSS 5.4
EIP-2026-112101 EXPLOITDB text
Simple Image Gallery System 1.0 - 'id' SQL Injection
by Azumah Foresight Xorlali
EIP-2026-111682 EXPLOITDB text
RATES SYSTEM 1.0 - Authentication Bypass
by Azumah Foresight Xorlali
EIP-2026-111396 EXPLOITDB text
Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Ömer Hasan Durmuş