Exploitdb Exploits
50,130 exploits tracked across all sources.
The Cartography <6.0.1 - RCE
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php.
by Nuri Çilengir
CVSS 9.8
Phpgurukul Art Gallery Management System - SQL Injection
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter.
by Rahul Patwari
CVSS 9.8
Phpgurukul Art Gallery Management System - SQL Injection
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php.
by Rahul Patwari
CVSS 9.8
Phpgurukul Art Gallery Management System - XSS
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.
by Rahul Patwari
CVSS 6.1
Red-gate Sql Monitor - XSS
A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter.
by geeklinuxman
CVSS 6.1
Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)
by Sajibe Kanti
Sleuthkit The Sleuth Kit - OS Command Injection
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
by Dino Barlattani
CVSS 7.8
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
by n3m1.sys
CVSS 7.8
Nacos 2.0.3 - Privilege Escalation
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.
by Jenson Zhao
CVSS 8.8
PMB 7.4.6 - SQL Injection
PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.
by str0xo DZ
CVSS 7.5
Aimonesoft Aimone Video Converter - Buffer Overflow
AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's registration mechanism.
by nu11secur1ty
CVSS 6.5
Splashtop 8.71.12001.0 - Code Injection
Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Splashtop\Splashtop Software Updater\ to inject malicious executables and escalate privileges.
by A.I. hernandez
CVSS 8.4
Reprisesoftware Reprise License Manager < 16.0 - XSS
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field.
by Mohammed A.Siledar
CVSS 6.1
NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit
by Neil Kettle
GitLab CE/EE <15.1.5-15.3.1 - Authenticated RCE
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint
by Antonio Francesco Sardella
CVSS 9.9
Yui < 2800 - XSS
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
by SITE Team
CVSS 6.1
perfSONAR <4.4.5 - CSRF
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.
by Ryan Moore
CVSS 4.3
Apache HTTP Server < 2.4.52 - Out-of-Bounds Write
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
by Sunil Iyengar
CVSS 9.8
By Source