Exploitdb Exploits

31,341 exploits tracked across all sources.

CVE-2020-36931 EXPLOITDB MEDIUM text
Click2Magic 1.1.5 - XSS
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests.
by Shivam Verma
CVSS 6.4
CVE-2020-36953 EXPLOITDB HIGH text
MiniTool ShadowMaker 3.2 - Local Privilege Escalation
MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and escalate privileges.
by Thalia Nieto
CVSS 7.8
CVE-2020-36941 EXPLOITDB CRITICAL text
Knockpy 4.1.1 - Code Injection
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet applications.
by Dolev Farhi
CVSS 9.8
CVE-2020-35853 EXPLOITDB MEDIUM text
4homepages 4images - XSS
4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability allows an attacker to inject an XSS payload into the Image URL. Each time a user visits that URL, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
by Ritesh Gohil
CVSS 4.8
CVE-2019-16223 EXPLOITDB MEDIUM text
WordPress <5.2.3 - XSS
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
by gx1
CVSS 5.4
CVE-2020-35437 EXPLOITDB MEDIUM text
Intelliants Subrion Cms - XSS
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
by icekam
CVSS 6.1
EIP-2026-105988 EXPLOITDB text
CMS Made Simple 2.2.15 - RCE (Authenticated)
by Andrey Stoykov
CVE-2020-35598 EXPLOITDB HIGH text
Advanced Comment System - Path Traversal
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623
by Francisco Javier Santiago Vázquez
CVSS 7.5
EIP-2026-114260 EXPLOITDB text
WordPress Plugin WP-PostRatings 1.86 - 'postratings_image' Cross-Site Scripting
by Park Won Seok
EIP-2026-113539 EXPLOITDB text
WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload
by spacehen
EIP-2026-105192 EXPLOITDB text
Apartment Visitors Management System 1.0 - Authentication Bypass
by Kshitiz Raj
EIP-2026-111876 EXPLOITDB text
Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS
by Vijay Sachdeva
EIP-2026-110133 EXPLOITDB text
Online Learning Management System 1.0 - Multiple Stored XSS
by Aakash Madaan
EIP-2026-110132 EXPLOITDB text
Online Learning Management System 1.0 - Authentication Bypass
by Aakash Madaan
EIP-2026-110131 EXPLOITDB text
Online Learning Management System 1.0 - 'id' SQL Injection
by Aakash Madaan
EIP-2026-105886 EXPLOITDB text
Class Scheduling System 1.0 - Multiple Stored XSS
by Aakash Madaan
EIP-2026-105368 EXPLOITDB text
Baby Care System 1.0 - 'roleid' SQL Injection
by Vijay Sachdeva
CVE-2020-36942 EXPLOITDB HIGH text
Victor CMS 1.0 - RCE
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.
by Mosaaed
CVSS 8.8
CVE-2020-36112 EXPLOITDB CRITICAL text
Cse Bookstore - SQL Injection
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in the pubid parameter in bookPerPub.php and in cart.php. Successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.
by Musyoka Ian
CVSS 9.8
EIP-2026-110462 EXPLOITDB text
Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)
by Matthew Aberegg
EIP-2026-109623 EXPLOITDB text
Multi Branch School Management System 3.5 - _Create Branch_ Stored XSS
by Kislay Kumar
EIP-2026-109111 EXPLOITDB text
Library Management System 3.0 - _Add Category_ Stored XSS
by Kislay Kumar
EIP-2026-107033 EXPLOITDB text
Faculty Evaluation System 1.0 - Stored XSS
by Vijay Sachdeva
EIP-2026-105256 EXPLOITDB text
Artworks Gallery Management System 1.0 - 'id' SQL Injection
by Vijay Sachdeva
CVE-2022-29380 EXPLOITDB MEDIUM text
Academy-LMS v4.3 - XSS
Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.
by Vinicius Alves
CVSS 4.8