Exploitdb Exploits

50,130 exploits tracked across all sources.

CVE-2021-33990 EXPLOITDB CRITICAL python
Liferay Portal - OS Command Injection
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows frmfolders.html is accessible and does not demonstrate how an unauthorized user can upload a file.
by Fu2x2000
CVSS 9.8
CVE-2022-28598 EXPLOITDB MEDIUM text
Frappe ERPNext <12.29.0 - XSS
Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users.
by Patrick Dean Ramos / Nathu Nandwani / Junnair Manla
CVSS 6.1
CVE-2020-5330 EXPLOITDB HIGH python
Dell R1-2210 Firmware < 3.0.1.2 - Information Disclosure
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.
by Ken Pyle
CVSS 8.1
CVE-2022-46552 EXPLOITDB HIGH text
D-Link DIR-846 - RCE
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.
by Françoa Taffarel
CVSS 8.8
CVE-2023-0744 EXPLOITDB CRITICAL python VERIFIED
Answer < 1.0.4 - Improper Access Control
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
by Eduardo Pérez-Malumbres Cervera
CVSS 9.8
CVE-2023-53985 EXPLOITDB MEDIUM text
Zstore 6.5.4 - XSS
Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in the victim's browser context.
by nu11secur1ty
CVSS 6.1
CVE-2023-53984 EXPLOITDB HIGH text
Clevo HotKey Clipboard 2.1.0.6 - Code Injection
Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing malicious executables in specific file system locations.
by Wim Jaap van Vliet
CVSS 8.4
CVE-2023-53979 EXPLOITDB HIGH python
MyBB 1.8.32 - Authenticated RCE
MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration editing interface.
by lUc1f3r11
CVSS 8.8
CVE-2023-21752 EXPLOITDB HIGH text
Windows Backup Service - Privilege Escalation
Windows Backup Service Elevation of Privilege Vulnerability
by nu11secur1ty
CVSS 7.1
EIP-2026-117488 EXPLOITDB text
Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path
by Milad karimi
EIP-2026-117253 EXPLOITDB python
Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow
by Knursoft
EIP-2026-116957 EXPLOITDB text
Chromacam 4.0.3.0 - PsyFrameGrabberService Unquoted Service Path
by Laguin Benjamin
EIP-2026-114729 EXPLOITDB c
Solaris 10 libXm - Buffer overflow Local privilege escalation
by Marco Ivaldi
CVE-2022-31161 EXPLOITDB CRITICAL text
Roxy-WI <6.1.1.0 - Command Injection
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for this issue.
by Nuri Çilengir
CVSS 10.0
CVE-2022-31126 EXPLOITDB CRITICAL text VERIFIED
Roxy-wi <6.1.1.0 - RCE
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to achieve code execution by sending a specially crafted HTTP request to the /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
by Nuri Çilengir
CVSS 10.0
CVE-2022-31125 EXPLOITDB CRITICAL text VERIFIED
Roxy-wi <6.1.1.0 - Auth Bypass
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
by Nuri Çilengir
CVSS 10.0
CVE-2020-25213 EXPLOITDB CRITICAL python VERIFIED
WordPress File Manager Unauthenticated Remote Code Execution
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
by BLY
CVSS 10.0
EIP-2026-112216 EXPLOITDB text
SLIMSV 9.5.2 - Cross-Site Scripting (XSS)
by nu11secur1ty
EIP-2026-111275 EXPLOITDB text
pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute
by nu11secur1ty
CVE-2023-23488 EXPLOITDB CRITICAL python VERIFIED
Strangerstudios Paid Memberships Pro < 2.9.8 - SQL Injection
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
by r3nt0n
CVSS 9.8
CVE-2023-0084 EXPLOITDB HIGH text
Metform Elementor Contact Form Builder <3.1.2 - XSS
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, which is the submissions page.
by Mohammed Chemouri
CVSS 7.2
CVE-2022-31056 EXPLOITDB CRITICAL text
GLPI <10.0.2 - SQL Injection
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade.
by Nuri Çilengir
CVSS 9.8
CVE-2022-31062 EXPLOITDB MEDIUM text
Plugin - Info Disclosure
Impact: A plugin public script can be used to read content of system files. Patches: Upgrade to version 1.0.2. Workarounds: `b/deploy/index.php` file can be deleted if deploy feature is not used.
by Nuri Çilengir
CVSS 5.3
CVE-2022-34125 EXPLOITDB MEDIUM text
GLPI <3.0.3 - Info Disclosure
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.
by Nuri Çilengir
CVSS 6.5
CVE-2022-34127 EXPLOITDB HIGH text
Managentities <4.0.2 - Path Traversal
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.
by Nuri Çilengir
CVSS 7.5