Exploitdb Exploits
31,341 exploits tracked across all sources.
Novel-plus 3.5.1 - Path Traversal
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.
by tuyiqiang
CVSS 5.3
Budget Management System - XSS
A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'.
by Jitendra Kumar Tripathi
CVSS 5.4
Equipment Inventory System - XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any "Add" sections, such as Add Item , Employee and Position or others in the Name Parameters.
by Jitendra Kumar Tripathi
CVSS 5.4
WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)
by m0ze
Concretecms Concrete Cms < 8.5.5 - XSS
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
by Quadron Research Lab
CVSS 4.8
TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated)
by Smriti Gaba
Moodle 3.10.3 - XSS
Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the event.
by Vincent666
CVSS 7.2
Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting
by George Tsimpidas
Genexis Platinum-4410 P4410-V2-1.31A - XSS
Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users when they access the security management page.
by Jithin KS
CVSS 7.2
Ovidentia < 6.7.7 - SQL Injection
Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code.
by Felipe Prates Donato
CVSS 5.4
Jquery < 1.9.0 - XSS
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
by MiningOmerta
CVSS 6.1
Ext2Fsd 0.68 - Buffer Overflow
An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path.
by Mohammed Alshehri
CVSS 7.8
Hi-Rez Studios 5.1.6.3 - Code Injection
Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.
by Ekrem Can Kök
CVSS 7.8
Event Log Explorer 4.9.3 - Privilege Escalation
Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations that will be executed with LocalSystem account privileges during service startup.
by Alan Mondragon
CVSS 7.8
ActivIdentity 8.2 - Local Privilege Escalation
ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\Common Files\ActivIdentity\ to inject malicious executables and escalate privileges.
by SamAlucard
CVSS 7.8
ELAN Touchpad 15.2.13.1_X64_WHQL - 'ETDService' Unquoted Service Path
by SamAlucard
MyBB <1.8.26 - SQL Injection
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
by SivertPL
CVSS 8.8
Hotel And Lodge Management System 1.0 - 'Customer Details' Stored XSS
by Jitendra Kumar Tripathi
WIN-PACK PRO 4.8 - Privilege Escalation
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WPCommandFileService Service.exe to inject malicious code that would execute with LocalSystem permissions.
by Alan Mondragon
CVSS 7.8
WIN-PACK PRO4.8 - Privilege Escalation
WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files <x86>\WINPAKPRO\ScheduleService Service.exe' to inject malicious code that would execute during service startup.
by Alan Mondragon
CVSS 7.8
WIN-PACK PRO 4.8 - Privilege Escalation
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WP GuardTour Service.exe to inject malicious code that would execute during service startup.
by Alan Mondragon
CVSS 7.8
OSAS Traverse Extension 11 - Path Traversal
OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining elevated system access.
by Johnny Tech
CVSS 7.8
MacPaw Encrypto 1.0.1 - Code Injection
MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privileges on Windows systems.
by Ismael Nava
CVSS 7.8
SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpdateSvc' Unquoted Service Path
by Alan Mondragon
KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
by LiquidWorm
By Source