Exploitdb Exploits
50,076 exploits tracked across all sources.
roxy-wi < 6.1.1.0 - Unauthenticated Authentication Bypass via Crafted HTTP Request
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
by Nuri Çilengir
CVSS 10.0
WordPress File Manager Unauthenticated Remote Code Execution
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
by BLY
CVSS 10.0
pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute
by nu11secur1ty
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection via Order REST Route Code Parameter
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
by r3nt0n
CVSS 9.8
Metform Elementor Contact Form Builder <3.1.2 - XSS
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, which is the submissions page.
by Mohammed Chemouri
CVSS 7.2
GLPI 10.0.0-10.0.2 - SQL Injection via Actor Fields
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade.
by Nuri Çilengir
CVSS 9.8
glpi_inventory < 1.0.2 - Local File Inclusion via Public Script
### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used.
by Nuri Çilengir
CVSS 5.3
GLPI CMDB < 3.0.3 - Unauthenticated Sensitive Information Exposure via File Parameter
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.
by Nuri Çilengir
CVSS 6.5
Managentities <4.0.2 - Path Traversal
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.
by Nuri Çilengir
CVSS 7.5
GLPI Cartography Plugin <6.0.1 - Remote Code Execution via front/upload.php
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php.
by Nuri Çilengir
CVSS 9.8
Art Gallery Management System Project 1.0 - SQL Injection via editid Parameter
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter.
by Rahul Patwari
CVSS 9.8
Art Gallery Management System Project 1.0 - SQL Injection via cid Parameter
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php.
by Rahul Patwari
CVSS 9.8
Art Gallery Management System Project 1.0 - Reflected Cross-Site Scripting via artname Parameter
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.
by Rahul Patwari
CVSS 6.1
Redgate SQL Monitor 12.1.31.893 - Cross-Site Scripting via returnUrl Parameter
A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter.
by geeklinuxman
CVSS 6.1
Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)
by Sajibe Kanti
the_sleuth_kit 4.11.1 - OS Command Injection via m Parameter
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
by Dino Barlattani
CVSS 7.8
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
by n3m1.sys
CVSS 7.8
Nacos < 2.0.3 - Improper Authentication via Packet Manipulation
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.
by Jenson Zhao
CVSS 8.8
PMB 7.4.6 - SQL Injection via ajax.php Storage Parameter
PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.
by str0xo DZ
CVSS 7.5
AimOne Video Converter 2.04 Build 103 - Buffer Overflow in Registration Form
AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's registration mechanism.
by nu11secur1ty
CVSS 6.5
Splashtop 8.71.12001.0 - Code Injection
Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Splashtop\Splashtop Software Updater\ to inject malicious executables and escalate privileges.
by A.I. hernandez
CVSS 8.4
Reprise License Manager 14.2bl4-16.0 - Cross-Site Scripting via Signing Form Password Field
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field.
by Mohammed A.Siledar
CVSS 6.1
By Source