Exploitdb Exploits

31,343 exploits tracked across all sources.

CVE-2020-35328 EXPLOITDB MEDIUM text
Courier Management System - XSS
Courier Management System 1.0 - 'First Name' Stored XSS
by Zhaiyi
CVSS 5.4
CVE-2020-35327 EXPLOITDB MEDIUM text
Courier Management System - SQL Injection
A SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php.
by Zhaiyi
CVSS 6.5
EIP-2026-112493 EXPLOITDB text
Supply Chain Management System - Auth Bypass SQL Injection
by Piyush Malviya
EIP-2026-109391 EXPLOITDB text
Medical Center Portal Management System 1.0 - Multiple Stored XSS
by Saeed Bala Ahmed
CVE-2020-2229 EXPLOITDB MEDIUM text
Jenkins <2.251-2.235.3 - XSS
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
by gx1
CVSS 5.4
CVE-2020-2230 EXPLOITDB MEDIUM text
Jenkins <2.251-<2.235.3 - XSS
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
by gx1
CVSS 5.4
CVE-2020-36957 EXPLOITDB HIGH text
PDF Complete <3.5.310.2002 - Code Injection
PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
by Zaira Alquicira
CVSS 7.8
CVE-2020-36956 EXPLOITDB MEDIUM text
Openfire 4.6.0 - XSS
Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing the nodejs configuration page.
by j5s
CVSS 6.4
CVE-2020-35396 EXPLOITDB MEDIUM text
Egavilanmedia Barcodes Generator - XSS
EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An attacker is able to inject the XSS payload in the web application each time a user visits the website.
by Nikhil Kumar
CVSS 6.1
CVE-2020-28838 EXPLOITDB LOW text
Opencart - CSRF
Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows an attacker to add cart items via Add to cart.
by Mahendra Purbia
CVSS 3.5
EIP-2026-113974 EXPLOITDB text
WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting
by Ilca Lucian Florin
EIP-2026-109110 EXPLOITDB text
Library Management System 2.0 - Auth Bypass SQL Injection
by Manish Solanki
CVE-2020-36948 EXPLOITDB CRITICAL text
VestaCP 0.9.8-26 - Auth Bypass
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.
by Vulnerability-Lab
CVSS 9.8
EIP-2026-118660 EXPLOITDB text
Huawei HedEx Lite 200R006C00SPC005 - Path Traversal
by Vulnerability-Lab
EIP-2026-112561 EXPLOITDB text
Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution
by Saeed Bala Ahmed
EIP-2026-112559 EXPLOITDB text
Task Management System 1.0 - 'id' SQL Injection
by Saeed Bala Ahmed
EIP-2026-112558 EXPLOITDB text
Task Management System 1.0 - 'First Name and Last Name' Stored XSS
by Saeed Bala Ahmed
EIP-2026-104479 EXPLOITDB text
VestaCP 0.9.8-26 - 'backup' Information Disclosure
by Vulnerability-Lab
CVE-2020-35378 EXPLOITDB CRITICAL text
Online Bus Ticket Reservation - SQL Injection
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.
by Sakshi Sharma
CVSS 9.8
CVE-2020-35272 EXPLOITDB MEDIUM text
Employee Performance Evaluation System - XSS
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.
by Ritesh Gohil
CVSS 4.8
EIP-2026-117493 EXPLOITDB text
Microsoft GamingServices 2.47.10001.0 - 'GamingServices' Unquoted Service Path
by Ismael Nava
CVE-2023-34666 EXPLOITDB MEDIUM text
Phpgurukul Cyber Cafe Management System - XSS
Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.
by Pruthvi Nekkanti
CVSS 6.1
CVE-2021-43456 EXPLOITDB HIGH text
Rumble Mail Server 0.51.3135 - Buffer Overflow
An Unquoted Service Path vulnerability exists in Rumble Mail Server 0.51.3135 via a specially crafted file in the RumbleService executable service path.
by Mohammed Alshehri
CVSS 7.8
CVE-2020-36958 EXPLOITDB HIGH text
Kite 1.2020.1119.0 - Code Injection
Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executables and escalate privileges on the system.
by Ismael Nava
CVSS 7.8
CVE-2020-36949 EXPLOITDB HIGH text
TapinRadio 2.13.7 - DoS
TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fields to cause the application to become unresponsive and require reinstallation.
by Ismael Nava
CVSS 7.5