Exploitdb Exploits

50,135 exploits tracked across all sources.

CVE-2022-25096 EXPLOITDB CRITICAL text
Home Owners Collection Management System - SQL Injection
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.
by Saud Alenazi
CVSS 9.8
CVE-2022-25095 EXPLOITDB CRITICAL text
Home Owners Collection Management System v1.0 - Info Disclosure
Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.
by Saud Alenazi
CVSS 9.8
CVE-2022-25094 EXPLOITDB HIGH text
Home Owners Collection Management System - Remote Code Execution
Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php.
by Saud Alenazi
CVSS 8.8
CVE-2021-24931 EXPLOITDB CRITICAL python
WordPress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
by Ron Jost
CVSS 9.8
EIP-2026-113844 EXPLOITDB text
WordPress Plugin Jetpack 9.1 - Cross Site Scripting (XSS)
by Milad karimi
EIP-2026-113644 EXPLOITDB text
WordPress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting (XSS)
by Milad karimi
CVE-2022-23366 EXPLOITDB CRITICAL text
Hms - SQL Injection
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.
by nu11secur1ty
CVSS 9.8
CVE-2022-40878 EXPLOITDB HIGH text
Exam Reviewer Management System 1.0 - Authenticated RCE
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell PHP file via the profile page to achieve Remote Code Execution (RCE).
by Juli Agarwal
CVSS 8.8
CVE-2022-40877 EXPLOITDB CRITICAL text
Exam Reviewer Management System 1.0 - SQL Injection
Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.
by Juli Agarwal
CVSS 9.8
CVE-2022-24223 EXPLOITDB CRITICAL text
AtomCMS v2.0 - SQL Injection
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
by Luca Cuzzolin
CVSS 9.8
EIP-2026-119283 EXPLOITDB python
Wing FTP Server 4.3.8 - Remote Code Execution (RCE) (Authenticated)
by notcos
CVE-2020-35749 EXPLOITDB HIGH python
Presstigers Simple Board Job < 2.9.3 - Path Traversal
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.
by Ven3xy
CVSS 7.7
CVE-2021-24901 EXPLOITDB MEDIUM text
Security Audit WP <1.0.0 - XSS
The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
by Shweta Mahajan
CVSS 4.8
EIP-2026-113837 EXPLOITDB text
WordPress Plugin International Sms For Contact Form 7 Integration V1.2 - Cross Site Scripting (XSS)
by Milad karimi
CVE-2022-0448 EXPLOITDB MEDIUM text
CP Blocks WP <1.0.15 - XSS
The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
by Shweta Mahajan
CVSS 4.8
EIP-2026-107653 EXPLOITDB text
Hotel Reservation System 1.0 - SQLi (Unauthenticated)
by Nefrit ID
CVE-2022-24263 EXPLOITDB CRITICAL text
Hospital Management System v4.0 - SQL Injection
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
by nu11secur1ty
CVSS 9.8
CVE-2019-18818 EXPLOITDB CRITICAL ruby
Strapi CMS Unauthenticated Password Reset
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
by WackyH4cker
CVSS 9.8
CVE-2021-46398 EXPLOITDB HIGH text
Filebrowser <2.18.0 - CSRF
A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE.
by FEBIN MON SAJI
CVSS 8.8
CVE-2022-50936 EXPLOITDB HIGH python
WBCE CMS 1.5.2 - Authenticated RCE
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by crafting a specially designed zip file payload.
by Antonio Cuomo
CVSS 8.8
CVE-2022-50935 EXPLOITDB CRITICAL text
Flame II HSPA USB Modem - Privilege Escalation
Flame II HSPA USB Modem contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Internet Telcel\ApplicationController.exe' to execute arbitrary code with elevated system privileges.
by Ismael Nava
CVSS 9.8
CVE-2022-22833 EXPLOITDB HIGH ruby
Servisnet Tessa 0.0.2 - Info Disclosure
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.
by AkkuS
CVSS 7.5
CVE-2022-22832 EXPLOITDB CRITICAL ruby
Servisnet Tessa - IDOR
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.
by AkkuS
CVSS 9.8
EIP-2026-113840 EXPLOITDB text
WordPress Plugin IP2Location Country Blocker 2.26.7 - Stored Cross Site Scripting (XSS) (Authenticated)
by Ahmet Serkan Ari