Exploitdb Exploits
50,130 exploits tracked across all sources.
Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated)
by Alperen Ergel
ASKEY RTF3505VW-N1 - Privilege Escalation
by Leonardo Nicolas Servalli
qubes-mirage-firewall <0.8.4 - DoS
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).
by Krzysztof Burghardt
CVSS 7.5
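The entry above gives the trigger precisely: a UDP datagram from a guest whose destination lies in 224.0.0.0 through 239.255.255.255 (the 224.0.0.0/4 multicast block). The following is an added illustration, not qubes-mirage-firewall's own code or its upstream fix: it decodes a raw IPv4 header, flags exactly that packet class, and splits a batch of constructed sample packets into forward/drop lists. Packet contents and addresses are constructed for the demonstration.

```python
import ipaddress
import struct

# The range named in the entry, 224.0.0.0 through 239.255.255.255, is exactly 224.0.0.0/4.
MULTICAST_NET = ipaddress.ip_network("224.0.0.0/4")
PROTO_UDP = 17
PROTO_TCP = 6


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header; raise ValueError on anything malformed."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _flags_frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(pkt) < ihl or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    return {
        "proto": proto,
        "src": ipaddress.IPv4Address(src),
        "dst": ipaddress.IPv4Address(dst),
        "ihl": ihl,
        "total_len": total_len,
    }


def is_multicast_udp(pkt: bytes) -> bool:
    """True for a well-formed IPv4 UDP datagram whose destination is a multicast address."""
    try:
        hdr = parse_ipv4(pkt)
    except ValueError:
        return False  # undecodable input is not the trigger class; let normal parsing reject it
    return hdr["proto"] == PROTO_UDP and hdr["dst"] in MULTICAST_NET


def filter_packets(pkts):
    """Split packets into (forward, drop): the trigger class is dropped instead of forwarded."""
    forward, drop = [], []
    for pkt in pkts:
        (drop if is_multicast_udp(pkt) else forward).append(pkt)
    return forward, drop


def build_ipv4(src: str, dst: str, proto: int = PROTO_UDP, payload: bytes = b"") -> bytes:
    """Constructed sample packet (checksums left zero; enough for header parsing)."""
    if proto == PROTO_UDP:
        payload = struct.pack("!HHHH", 40000, 5353, 8 + len(payload), 0) + payload
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


if __name__ == "__main__":
    # Constructed samples: two multicast UDP, one unicast UDP, one multicast TCP.
    samples = [build_ipv4("10.137.0.5", "224.0.0.251"),
               build_ipv4("10.137.0.5", "239.255.255.250"),
               build_ipv4("10.137.0.5", "10.137.0.6"),
               build_ipv4("10.137.0.5", "224.0.0.1", proto=PROTO_TCP)]
    fwd, dropped = filter_packets(samples)
    print(f"forwarded={len(fwd)} dropped={len(dropped)}")
```

Dropping the class is a containment measure for a guest-facing firewall, not a substitute for upgrading to 0.8.4; the check is deliberately narrow (UDP only, as the entry states) so that ordinary unicast forwarding is untouched.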
EQ < 2.2.0 - SQL Injection
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.
by TLF
CVSS 9.8
myBB Forums 1.8.26 - XSS
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the announcement title field when adding announcements through the 'Forums and Posts' > 'Forum Announcements' interface, causing arbitrary JavaScript to execute when the announcement is displayed on the forum.
by Andrey Stoykov
CVSS 5.4
myBB Forums 1.8.26 - XSS
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated administrators to inject malicious scripts when creating new forums. Attackers can exploit this vulnerability by inserting script payloads in the forum title field when adding new forums through the 'Forums and Posts' > 'Forum Management' interface, causing arbitrary JavaScript to execute when the forum listing is viewed.
by Andrey Stoykov
CVSS 5.4
myBB Forums 1.8.26 - XSS
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title field when adding new templates through the 'Templates and Style' > 'Templates' > 'Manage Templates' > 'Global Templates' interface, causing arbitrary JavaScript to execute when the template is viewed.
by Andrey Stoykov
CVSS 5.4
Zillya Total Security 3.0.2367.0 - Privilege Escalation
Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quarantined files to restricted directories, potentially enabling system-level access through techniques like DLL hijacking.
by M. Akil Gündoğan
CVSS 8.4
Eve-ng - XSS
A vulnerability was found in EVE-NG 5.0.1-13 and classified as problematic. An unknown function of the Lab Handler component is affected; the manipulation leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256442 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by @casp3r0x0 hassan ali al-khafaji
CVSS 2.4
4images 1.9 - Authenticated RCE
4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php endpoint with a crafted cat_id parameter.
by Andrey Stoykov
CVSS 7.2
WPForms 1.7.8 - XSS
WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in the victim's browser.
by Milad karimi
CVSS 6.1
Covenant 0.1.3-0.5 - RCE
Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system.
by xThaz
CVSS 9.8
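The Covenant entry says attackers can craft tokens carrying an administrative role; whether that is possible depends entirely on whether the attacker can produce a valid signature. The entry does not state how that ability is obtained. The example below is added here and is not Covenant's code: it assumes the HS256 signing key is known to the attacker (a constructed key, not any Covenant value) and shows that the forged admin token is accepted by a verifier using that key, rejected by a verifier holding its own random per-deployment key, and that editing the role claim without re-signing is rejected outright. The algorithm is pinned server-side so that a token declaring alg "none" cannot bypass the check.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256(claims: dict, key: bytes) -> str:
    """Build header.payload.signature with HMAC-SHA256 over the first two segments."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the claims only if the signature verifies under `key`; otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # bad segment count, bad base64, bad JSON (all ValueError subclasses)
        return None
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    try:
        return json.loads(_b64url_decode(payload_b64))
    except ValueError:
        return None


def is_admin(token: str, key: bytes) -> bool:
    """Role is consulted only after the signature has verified."""
    claims = verify_hs256(token, key)
    return claims is not None and claims.get("role") == "Administrator"


def tamper_role(token: str, role: str) -> str:
    """Rewrite the payload's role but keep the old signature (all an attacker without the key can do)."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(payload_b64))
    claims["role"] = role
    return f"{header_b64}.{_b64url(json.dumps(claims, separators=(',', ':')).encode())}.{sig_b64}"


# Hypothetical keys for the demonstration (constructed; not Covenant's configuration).
KNOWN_TO_ATTACKER_KEY = b"constructed-shared-default-signing-key"
PER_DEPLOYMENT_KEY = secrets.token_bytes(32)  # fresh random key, generated at install, never shipped

if __name__ == "__main__":
    forged = mint_hs256({"sub": "attacker", "role": "Administrator"}, KNOWN_TO_ATTACKER_KEY)
    print("accepted by server using the known key:", is_admin(forged, KNOWN_TO_ATTACKER_KEY))
    print("accepted by server using its own key:  ", is_admin(forged, PER_DEPLOYMENT_KEY))
```

The practical check for any deployed service that issues HMAC-signed tokens is therefore whether the signing key is unique to the installation and kept out of shipped configuration; with a shared or guessable key, every role claim the server honours is attacker-controlled.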
Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path
by P4p4 M4n3
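An unquoted service path is worth checking for across every service on a host, not just the one named above. The following is an added example, not code from Lavasoft or from the listed exploit: given Win32_Service-style Name/PathName rows (the sample rows are constructed, with hypothetical paths), it reproduces the rule CreateProcess applies to an unquoted command line, trying each space-delimited prefix with .exe appended before reaching the real binary, and reports the candidate locations an attacker would need write access to.

```python
from typing import Dict, List


def hijack_candidates(path_name: str) -> List[str]:
    """Return the binaries Windows would try before the real one for an unquoted
    service path containing spaces; empty list when the path is safe.

    CreateProcess splits an unquoted command line at each space and tries the
    growing prefixes in order, appending .exe when the prefix has no extension.
    """
    cmd = path_name.strip()
    if not cmd or cmd.startswith('"'):
        return []  # a quoted path is parsed as a single token
    candidates = []
    pos = cmd.find(" ")
    while pos != -1:
        prefix = cmd[:pos]
        if prefix.lower().endswith(".exe"):
            break  # reached the genuine executable; what follows are arguments
        candidates.append(prefix + ".exe")
        pos = cmd.find(" ", pos + 1)
    return candidates


def audit_services(services: Dict[str, str]) -> Dict[str, List[str]]:
    """Map service name -> candidate hijack paths, only for services that have any."""
    findings = {}
    for name, path_name in services.items():
        cands = hijack_candidates(path_name)
        if cands:
            findings[name] = cands
    return findings


# Constructed sample rows in the shape of Win32_Service Name/PathName (hypothetical paths).
SAMPLE_SERVICES = {
    "ExampleAssistant": r"C:\Program Files\Example Vendor\Assistant\svc.exe",
    "ExampleUpdater":   r'"C:\Program Files\Example Vendor\Updater\upd.exe" /silent',
    "Spooler":          r"C:\Windows\System32\spoolsv.exe",
    "ExampleAgent":     r"C:\Program Files (x86)\Example Agent\agent.exe -run",
}

if __name__ == "__main__":
    for name, cands in audit_services(SAMPLE_SERVICES).items():
        print(name)
        for c in cands:
            print("   would be tried first:", c)
```

On a live host the rows come from `Get-CimInstance Win32_Service | Select-Object Name, PathName` (or `wmic service get name,pathname`); a candidate is only exploitable when the unprivileged user can create the file at that location and the service runs as a higher-privileged account, so the ACL check on each candidate's parent directory is the second half of the audit.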
CrowdStrike Falcon <6.31.14505.0/6.42.15610/6.44.15806 - Auth Bypass
A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806. It has been classified as problematic. An unknown function of the Uninstallation Handler component is affected; the manipulation leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.40.15409, 6.42.15611 or 6.44.15807 addresses this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-206880.
by Fortunato Lodari
CVSS 2.7
AudioCodes Device Manager Express <7.8.20002.47752 - Path Traversal
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752: the view parameter of BrowseFiles.php allows directory traversal during file download.
by Eric Flokstra
CVSS 5.3
Virtualreception Digital Receptie - Path Traversal
Directory traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in the embedded web server allows an attacker to obtain sensitive information via a crafted GET request.
by Spinae
CVSS 7.5
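Both of the preceding entries (the AudioCodes BrowseFiles.php view parameter and the Virtualreception embedded web server) are the same defect: a request parameter is joined onto a base directory and served without checking that the result still lies inside it. The following is an added example, not code from either product: the vulnerable join beside a containment check that canonicalises the path (following symlinks) before comparing it against the base directory, rejects absolute paths and drive-letter paths, and treats backslashes as separators so a Windows-hosted server is covered too. The sample tree it builds, including a symlink pointing outside the served directory, is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional


def unsafe_join(base_dir: str, view: str) -> str:
    """The vulnerable pattern: caller-controlled 'view' is joined with no containment check.
    os.path.join even discards base_dir entirely when 'view' is absolute."""
    return os.path.join(base_dir, view)


def contained_path(base_dir: str, view: str) -> Optional[Path]:
    """Return the resolved target if it stays inside base_dir, else None."""
    base = Path(base_dir).resolve()
    # Treat backslashes as separators: Windows-hosted servers accept them, and a
    # POSIX-only check that ignores them would let '..\\..\\' through.
    rel = view.replace("\\", "/")
    if "\x00" in rel or rel.startswith("/") or Path(rel).is_absolute():
        return None
    if len(rel) >= 2 and rel[1] == ":":  # drive-letter path such as C:/...
        return None
    target = (base / rel).resolve()  # resolve() follows symlinks before we compare
    if target != base and base not in target.parents:
        return None
    return target


def is_contained(base_dir: str, view: str) -> bool:
    return contained_path(base_dir, view) is not None


def safe_download(base_dir: str, view: str) -> bytes:
    """Hardened handler: refuse anything that escapes base_dir or is not a regular file."""
    target = contained_path(base_dir, view)
    if target is None or not target.is_file():
        raise PermissionError(f"refusing to serve {view!r}")
    return target.read_bytes()


_DEMO: Optional[str] = None


def make_demo_tree() -> str:
    """Constructed sample tree: <root>/www/docs/readme.txt is served; <root>/secret.txt is
    outside, and <root>/www/escape is a symlink back to <root>. Returns the www path."""
    global _DEMO
    if _DEMO:
        return _DEMO
    root = Path(tempfile.mkdtemp(prefix="dlroot_"))
    base = root / "www"
    (base / "docs").mkdir(parents=True)
    (base / "docs" / "readme.txt").write_text("public\n")
    (root / "secret.txt").write_text("outside\n")
    try:
        (base / "escape").symlink_to(root)
    except OSError:
        pass  # symlink creation may need privileges on some hosts; the tree still works without it
    _DEMO = str(base)
    return _DEMO


if __name__ == "__main__":
    base = make_demo_tree()
    for view in ["docs/readme.txt", "../secret.txt", "..\\secret.txt", "/etc/passwd", "escape/secret.txt"]:
        print(f"{view!r:24} unsafe->{unsafe_join(base, view)!r}  contained={is_contained(base, view)}")
```

The symlink case is the one string-based checks miss: `www/escape/secret.txt` contains no `..` at all, yet after resolution it is outside the served tree, which is why the comparison is done on the canonical path rather than on the request string.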
Rejected
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2022-42245. Reason: This record is a duplicate of CVE-2022-42245. Notes: All CVE users should reference CVE-2022-42245 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
by lvren