Exploitdb Exploits
50,076 exploits tracked across all sources.
MTPutty 1.0.1.21 - Sensitive Information Disclosure via PowerShell Process Listing
MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH credentials.
by Sedat Ozdemir
CVSS 6.2
Chikitsa Patient Management System 2.0.2 - Authenticated Remote Code Execution via Malicious Plugin Upload
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script.
by 0z09e
CVSS 8.8
Chikitsa Patient Management System 2.0.2 - Authenticated Remote Code Execution via Backup Restoration
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a malicious PHP shell to execute arbitrary system commands on the server.
by 0z09e
CVSS 8.8
TestLink 1.19 - Arbitrary File Download (Unauthenticated)
by Gonzalo Villegas
Kabir Alhasan Student Management System 1.0 - Auth Bypass
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".
by Enes Özeser
CVSS 9.8
Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass
by able403
Employees Daily Task Management System 1.0 - 'multiple' Cross Site Scripting (XSS)
by able403
Grafana Plugin Path Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
by s1gh
CVSS 7.5
Raspberry Pi OS <5.10 - Privilege Escalation
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
by netspooky
CVSS 9.8
Croogo 3.0.2 - Remote Code Execution via Admin File Manager Attachments Upload
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.
by Deha Berkin Bir
CVSS 8.8
Auerswald COMpact 8.0B - Privilege Escalation
by RedTeam Pentesting GmbH
Auerswald COMpact 5500R <8.0B - RCE
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.
by RedTeam Pentesting GmbH
CVSS 9.8
Auerswald COMpact 8.0B - Arbitrary File Disclosure
by RedTeam Pentesting GmbH
Auerswald COMfortel 2.8F - Authentication Bypass
by RedTeam Pentesting GmbH
WordPress Plugin Slider by Soliloquy 2.6.2 Stored XSS
Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScript payloads in the title field when creating or editing sliders, which executes in the browsers of users viewing the slider on both administrative and frontend pages.
by Abdurrahman Erkan
CVSS 6.4
Zoomsounds <= 6.45 - Unauthenticated Arbitrary File Read via dzsap_download Action
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
by Uriel Yochpaz
CVSS 7.5
WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI)
by Mohamed Magdy Abumusilm
Online Pre-owned/Used Car Showroom Management System 1.0 - SQL Injection Authentication Bypass via Login Form
Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application.
by Mohamed habib Smidi
CVSS 9.8
Online Magazine Management System 1.0 - SQL Injection Authentication Bypass via Login Form
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.
by Mohamed habib Smidi
CVSS 9.8
MilleGPG5 5.7.2 - Privilege Escalation
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restarts.
by Alessandro Salzano
CVSS 7.8
Sourcecodester Online Enrollment Management System - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter.
by Tushar Jadhav
CVSS 5.4
CodeIgniter4 v4.6.0 - Stored Cross-Site Scripting via Debugbar Time Parameter
A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbar_time parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbar_time, and because debugbar-related data is automatically escaped by the CodeIgniter Parser class.
by Pablo Santiago
CVSS 6.1
OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized access to user accounts.
by Hubert Wojciechowski
CVSS 9.8
Orangescrum 1.8.0 - Session Cookie Account Takeover
Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized access to another user's account.
by Hubert Wojciechowski
CVSS 8.8
By Source