Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2022-24632 EXPLOITDB MEDIUM python
AudioCodes Device Manager Express <7.8.20002.47752 - Path Traversal
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is a directory traversal during file download via the BrowseFiles.php view parameter.
by Eric Flokstra
CVSS 5.3
EIP-2026-106123 EXPLOITDB text
Concrete5 CME v9.1.3 - Xpath injection
by nu11secur1ty
EIP-2026-105911 EXPLOITDB text
ClicShopping v3.402 - Cross-Site Scripting (XSS)
by nu11secur1ty
CVE-2023-25289 EXPLOITDB HIGH text
virtualreception Digital Receptie win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 - Path Traversal via Crafted GET Request
Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in the embedded web server allows an attacker to gain sensitive information via a crafted GET request.
by Spinae
CVSS 7.5
EIP-2026-104431 EXPLOITDB text
Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)
by Andrey Stoykov
EIP-2026-103265 EXPLOITDB text
Boa Web Server v0.94.14 - Authentication Bypass
by George Tsimpidas
EIP-2026-101423 EXPLOITDB text
Router ZTE-H108NS - Authentication Bypass
by George Tsimpidas
EIP-2026-101071 EXPLOITDB python
Router ZTE-H108NS - Stack Buffer Overflow (DoS)
by George Tsimpidas
CVE-2022-39195 EXPLOITDB MEDIUM text
LISTSERV 17 - Cross-Site Scripting via c Parameter
A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter.
by Shaunt Der-Grigorian
CVSS 6.1
CVE-2022-40319 EXPLOITDB HIGH text
LISTSERV 17 - Unauthenticated Account Modification via IDOR in wa.exe Email Parameter
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account.
by Shaunt Der-Grigorian
CVSS 7.5
CVE-2023-53974 EXPLOITDB HIGH text
D-Link DSL-124 ME_1.00 - Info Disclosure
D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing sensitive network credentials and system configurations.
by Aryan Chehreghani
CVSS 7.5
CVE-2023-54331 EXPLOITDB HIGH text
Outline 1.6.0 - Privilege Escalation
Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions.
by Milad karimi
CVSS 7.8
CVE-2023-54330 EXPLOITDB CRITICAL python
Inbit Messenger 4.6.0-4.9.0 - Unauthenticated Remote Code Execution via SEH Overflow
Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targeting the messenger's network handler to overwrite the Structured Exception Handler (SEH) and execute shellcode on vulnerable Windows systems.
by a-rey
CVSS 9.8
CVE-2023-54329 EXPLOITDB CRITICAL python
inbit_messenger 4.6.0-4.9.0 - Unauthenticated Remote Code Execution via Malicious XML Packet
Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload to trigger the vulnerability and execute commands with system privileges.
by a-rey
CVSS 9.8
EIP-2026-118693 EXPLOITDB text
Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)
by M. Akil Gündoğan
CVE-2022-1565 EXPLOITDB HIGH python VERIFIED
WP All Import < 3.6.8 - Authenticated Arbitrary File Upload via wp_all_import_get_gz.php
The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
by AkuCyberSec
CVSS 7.2
EIP-2026-111761 EXPLOITDB python
Revenue Collection System v1.0 - Remote Code Execution (RCE)
by Joe Pollock
EIP-2026-107676 EXPLOITDB text
Human Resource Management System 1.0 - SQL Injection (unauthenticated)
by Matthijs van der Vaart (eMVee)
EIP-2026-107574 EXPLOITDB text
Helmet Store Showroom v1.0 - SQL Injection
by Ameer Hamza
EIP-2026-105586 EXPLOITDB text
Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)
by Rajeshwar Singh
EIP-2026-102093 EXPLOITDB text
Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
by Bleron Rrustemi
CVE-2022-50943 EXPLOITDB MEDIUM text
Moodle LMS 4.0 Cross-Site Scripting via course search.php
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users' browsers and steal session cookies.
by Saud Alenazi
CVSS 6.1
CVE-2023-54333 EXPLOITDB HIGH text
Social-Share-Buttons 2.2.3 - SQL Injection
Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entire database contents.
by nu11secur1ty
CVSS 8.2
CVE-2023-54332 EXPLOITDB MEDIUM text
Jetpack 11.4 - Cross-Site Scripting via Contact Form post_id Parameter
Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact with the contact form page.
by Behrouz Mansoori
CVSS 6.1
CVE-2021-47750 EXPLOITDB MEDIUM text
YouPHPTube <= 7.8 - Cross-Site Scripting via Signup RedirectUri Parameter
YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they access the signup page.
by Rafael Pedrero
CVSS 6.1