Exploitdb Exploits
31,341 exploits tracked across all sources.
Client Management System 1.1 - 'username' Stored Cross-Site Scripting (XSS)
by BHAVESH KAUL
Spy Emergency 25.0.650 - Privilege Escalation
Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted file paths in SpyEmergencyHealth.exe and SpyEmergencySrv.exe to inject malicious code during system startup or service restart.
by Erick Galindo
CVSS 7.8
WibuKey Runtime 6.51 - Code Injection
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
Tftpd64 4.64 - 'Tftpd32_svc' Unquoted Service Path
by Brian Rodriguez
TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)
by Mert Daş
Stock Management System 1.0 - 'user_id' Blind SQL injection (Authenticated)
by Riadh Benlamine
Small CRM 3.0 - 'Authentication Bypass' SQL Injection
by BHAVESH KAUL
COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting (XSS)
by BHAVESH KAUL
Accela Civic Platform < 20.1 - XSS
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
by Abdulazeez Alaseeri
CVSS 6.1
Accela Civic Platform <20.1 - Info Disclosure
portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.
by Abdulazeez Alaseeri
CVSS 6.5
Grocerycrud Grocery Crud < 2.0.1 - SQL Injection
Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order_by[] parameter in POST requests to the ajax_list endpoint to potentially extract or modify database information.
by TonyShavez
CVSS 9.1
BKW Solar-log 500 Firmware < 2.8.1 - Cleartext Storage
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
by Luca.Chiou
CVSS 6.5
BKW Solar-log 500 Firmware < 2.8.1 - Missing Authentication
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
by Luca.Chiou
CVSS 7.5
Tribal Systems Zenario CMS <8.8.52729 - XSS
Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.
by Avinash R
CVSS 4.8
Cerberus FTP Server <10.0.19, <11.0.4 - XSS
The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.
by Mohammad Hossein Kaviyany
CVSS 6.1
Accela Civic Platform < 21.1 - XSS
In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
by Abdulazeez Alaseeri
CVSS 6.1
TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)
by Mert Daş
Student Result Management System 1.0 - 'class' SQL Injection
by Riadh Benlamine
WordPress Plugin visitors-app 0.3 - 'user-agent' Stored Cross-Site Scripting (XSS)
by Mesut Cetin
WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scripting (XSS)
by Hardik Solanki
Seo Panel 4.8.0 - XSS
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.
by Piyush Patil
CVSS 4.8
FUDForum 3.1.0 - XSS
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
by Piyush Patil
CVSS 6.1
FUDForum 3.1.0 - XSS
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.
by Piyush Patil
CVSS 6.1
4images <1.8 - XSS
A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter.
by Piyush Patil
CVSS 4.8
By Source