Exploitdb Exploits
50,130 exploits tracked across all sources.
Atlassian Bitbucket Server/Data Center <7.6.17/<7.17.10/<7.21.4/<8....
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
by khal4n1
CVSS 8.8
Wkhtmltopdf - SSRF
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the attacker to takeover the whole infrastructure by accessing their internal assets.
by Momen Eldawakhly
CVSS 9.8
VIAVIWEB Wallpaper Admin 1.0 - SQL Injection
VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. Attackers can send GET requests to edit_gallery_image.php with malicious img_id values to extract database information.
by Edd13Mora
CVSS 6.5
VIAVIWEB Wallpaper Admin 1.0 - RCE
VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution vulnerability in the image upload functionality. Attackers can upload a malicious PHP file through the add_gallery_image.php endpoint to execute arbitrary code on the server.
by Edd13Mora
CVSS 9.8
VIAVIWEB Wallpaper Admin 1.0 - SQL Injection
VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface.
by Edd13Mora
CVSS 8.2
Linksys AX3200 1.1.00 - Command Injection
Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagnostics traceroute page.
by Ahmed Alroky
CVSS 8.8
Netgate Pfblockerng < 2.1.4_26 - OS Command Injection
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.
by IHTeam
CVSS 9.8
IOBit IOTransfer V4 - Unquoted Service Path
IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.
by BLAY ABU SAFIAN
CVSS 7.8
CVAT <2.0.0 - SSRF
CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.
by Emir Polat
CVSS 8.6
Open Web Analytics <1.7.4 - Info Disclosure
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
by Jacob Ebben
CVSS 9.8
Adtran Sr510n Firmware - Remote Code Execution
SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature.
by Yerodin Richards
CVSS 9.8
Megatech Msnswitch Firmware - Authentication Bypass
An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution.
by Eli Fulkerson
CVSS 9.8
AVEVA InTouch Access Anywhere <2020 R2 - Path Traversal
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
by Jens Regel
CVSS 7.5
Orangelab Imagemagick Engine < 1.7.5 - CSRF
The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.
by ABDO10
CVSS 8.8
Zephyr Project Manager <3.2.5 - SQL Injection
The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
by Rizacan Tufan
CVSS 9.8
Testa 3.5.1 - XSS
Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaScript in victim's browser context.
by Ashkan Moghaddas
CVSS 6.1
Aero CMS 0.0.1 - SQL Injection
Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the system.
by nu11secur1ty
CVSS 9.8
Wp-useronline < 2.88.1 - XSS
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user accesses the injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
by UnD3sc0n0c1d0
CVSS 5.5
Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)
by UnD3sc0n0c1d0
Feehi CMS v2.1.1 - XSS
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.
by yuyudhn
CVSS 5.4
Teleport < 10.1.2 - OS Command Injection
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.
by Brandon Roach
CVSS 8.8
TP-Link Tapo C200 <1.1.15 - RCE
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.
by hacefresko
CVSS 9.8
savysoda Wifi HD Wireless Disk Drive 11 - Local File Inclusion
savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion.
by Chokri Hammedi
CVSS 7.5
By Source