Exploitdb Exploits
50,076 exploits tracked across all sources.
ENTAB ERP 1.0 - Information Disclosure via Brute Force Attack
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.
by Deb Prasad Banerjee
CVSS 5.3
Wondershare Dr.Fone <12.9.6 - Privilege Escalation
Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.
by Thurein Soe
CVSS 7.8
NotrinosERP 0.7 - SQL Injection via OrderNumber Parameter
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.
by Arvandy
CVSS 8.8
IBM Aspera Faspex < 4.4.2 PL2 - Remote Code Execution via YAML Deserialization
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
by Maurice Lambert
CVSS 9.8
IBM Observability with Instana 239-0-239-2, 241-0-241-2, 243-0 - Unauthenticated Data Store Access
Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737.
by Shahid Parvez (zippon)
CVSS 9.1
Mercury MAC1200R Firmware - Unauthenticated Path Traversal via web-static/ URL
A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL.
by Chunlei Shang_ Jiangsu Public Information Co._ Ltd.
CVSS 7.5
Tenda N300 F3 12.01.01.48 - Info Disclosure
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
by @h454nsec
CVSS 9.6
Schneider Electric v1.0 - Directory traversal & Broken Authentication
by Parsa Rezaie Khiabanloo
Franklin Fueling Systems TS-550 - Exploit and Default Password
by Parsa Rezaie Khiabanloo
Unified Remote 3.13.0 - Remote Code Execution via Remote Upload Endpoint
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.
by H4rk3nz0
CVSS 9.8
FileZilla Client 3.63.1 - Code Injection
FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches.
by Bilal Qureshi
CVSS 9.8
LDAP Tool Box Self Service Password 1.5.2 - SSRF
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.
by Tahar BENNACEF
CVSS 7.5
Kimai 1.30.10 - Sensitive Cookie with Improper SameSite Attribute
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.
by nu11secur1ty
CVSS 9.8
Flatnux 2021-03.25 - Authenticated Remote Code Execution via File Manager PHP Upload
Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server.
by Ömer Hasan Durmuş
CVSS 8.8
Titan FTP Server < 1.94.1205 - Authenticated Path Traversal via Move-File Function
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.
by Andreas Finstad
CVSS 8.8
pdfkit < 0.8.7.2 - Command Injection via URL Parameter
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
by UNICORD
CVSS 7.3
modoboa < 2.0.4 - Authentication Bypass
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.
by 7h3h4ckv157
CVSS 9.8
Simple Task Managing System 1.0 - SQL Injection via login.php Username and Password Parameters
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.
by Hamdi Sevben
CVSS 9.8
Simple Food Ordering System 1.0 - Cross-Site Scripting in process_order.php
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.
by Muhammad Navaid Zafar Ansari
CVSS 3.5
Purchase Order Management-1.0 - Local File Inclusion
by nu11secur1ty
polr < 2.3.0 - Unauthenticated Admin Account Creation via Setup Finish Endpoint
Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts. This is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php.
by p4kl0nc4t
CVSS 9.3
Music Gallery Site 1.0 - SQL Injection via view_music_details.php id Parameter
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221631.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
Music Gallery Site 1.0 - SQL Injection via Master.php GET Request Handler
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221632.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
By Source