Exploitdb Exploits
31,346 exploits tracked across all sources.
Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)
by BKpatron
Frigate 2.02 - DoS
Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application's command line field to trigger an application crash.
by Paras Bhatia
CVSS 7.5
Webport Web Port - XSS
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
by Emre ÖVÜNÇ
CVSS 6.1
Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload
by BKpatron
Webport Web Port - XSS
Web Port 1.19.1 allows XSS via the /log type parameter.
by Emre ÖVÜNÇ
CVSS 6.1
Afian Filerun < 2019.06.01 - XSS
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.
by Emre ÖVÜNÇ
CVSS 6.1
Eaton Intelligent Power Manager 1.6 - Directory Traversal
by Emre ÖVÜNÇ
Beauty Parlour Management System 1.0 - Authentication Bypass
by Prof. Kailas PATIL
OpenCTI 3.3.1 - XSS
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For example, a request to /graphql?'"--></style></scRipt><scRipt>alert('Raif_Berkay')</scRipt> will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
by Raif Berkay Dincel
CVSS 5.4
OpenCTI 3.3.1 - Path Traversal
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
by Raif Berkay Dincel
CVSS 7.5
College Management System - SQL Injection
College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page via the POST parameters 'unametxt' and 'pwdtxt', which are not filtered before being passed into a SQL query.
by BLAY ABU SAFIAN
CVSS 9.8
10-Strike Bandwidth Monitor 3.9 - Privilege Escalation
10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup.
by boku
CVSS 7.8
Sysax Multi Server 6.90 - XSS
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.
by Luca Epifanio
CVSS 6.1
Avaya IP Office < 10.1.0.7 - Information Disclosure
A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 11.0.4.3.
by hyp3rlinx
CVSS 5.5
Sistem Informasi Pengumuman Kelulusan Online 1.0 - CSRF
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative accounts without the victim's consent.
by Extinction
CVSS 5.3
Qbik Wingate - Incorrect Permission Assignment
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
by hyp3rlinx
CVSS 7.8
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection
by Mehmet Kelepçe
Virtual Airlines Manager 2.6.2 - 'airport' SQL Injection
by Kostadin Tonev
Kyocera Printer d-COPIA253MF - Path Traversal
A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server.
by Hakan Eren ŞAN
CVSS 7.5
Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection
by Pankaj Kumar Thakur
Navigate CMS 2.8.7 - CSRF
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.
by Gus Ralph
CVSS 4.3
PHPGurukul Hostel Mgt Sys <2.0 - SQL Injection
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
by Enesdex
CVSS 9.8