Exploitdb Exploits
50,130 exploits tracked across all sources.
Tftpd32 SE 4.60 - Code Injection
Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level permissions.
by Ismael Nava
CVSS 8.4
Sysax Multi Server - Denial of Service
Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality.
by Luis Martínez
CVSS 9.1
Mediconta 3.7.27 - Privilege Escalation
Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\medicont3\ to inject malicious code that would execute with LocalSystem permissions during service startup.
by Luis Martínez
CVSS 8.4
Extplorer < 2.1.14 - Missing Authentication
eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system.
by ErPaciocco
CVSS 9.8
Explorerplusplus Explorer++ - Out-of-Bounds Write
Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler (SEH) records that allows attackers to execute arbitrary code. Attackers can exploit the vulnerability by providing a long file name argument over 396 characters to corrupt the SEH chain and potentially execute malicious code.
by Rafael Pedrero
CVSS 9.8
Gestionale Open 12.00.00 - 'DB_GO_80' Unquoted Service Path
by Luis Martínez
Grafana < 6.2.5 - XSS
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
by SimranJeet Singh
CVSS 5.4
Zoneminder < 1.36.27 - Improper Input Validation
ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the "/zm/index.php" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue.
by Trenches of IT
CVSS 5.4
Zentao Project Management System 17.0 - Authenticated Remote Code Execution (RCE)
by mister0xf
WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities
by Rafael Pedrero
FlatCore CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
by Sinem Şahin
Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)
by Sinem Şahin
Fortinet Fortiproxy < 7.0.7 - Authentication Bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
by Felipe Alcantara
CVSS 9.8
By Source