Exploitdb Exploits
50,135 exploits tracked across all sources.
Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Enes Özeser
Cybelesoft Thinfinity Virtualui < 3.0 - Information Disclosure
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.
by Daniel Morales
CVSS 5.3
Softlinkint Oliver V5 Library - Download Without Integrity Check
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.
by Mandeep Singh
CVSS 7.5
Softlinkint Oliver V5 Library < 8.00.008.053 - Path Traversal
Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive files from the server's filesystem.
by Mandeep Singh
CVSS 7.5
Laravel Valet <2.0.3 - Privilege Escalation
Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.
by leonjza
CVSS 8.4
meterN 1.2.3 - Authenticated RCE
meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges.
by LiquidWorm
CVSS 8.8
Zucchetti Axess CLOKI Access Control 1.64 - CSRF
Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking authenticated users into loading the page.
by LiquidWorm
CVSS 3.5
Online Thesis Archiving System - SQL Injection
Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection
by Yehia Elghaly
CVSS 9.8
Microsoft Internet Explorer / ActiveX Control - Security Bypass
by hyp3rlinx
WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting (XSS) (Authenticated)
by Mansi Singh
phpscheduleit Booked Scheduler <2.7.5 - RCE
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.
by 0sunday
CVSS 8.8
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by leonjza
CVSS 10.0
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by kozmer
CVSS 10.0
WebHMI - Code Injection
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
by Jeremiasz Pluta
CVSS 10.0
Hd-network Real-time Monitoring System - Path Traversal
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.
by Momen Eldawakhly
CVSS 7.5
Sourcecodester Free school management software 1.0 - RCE
An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "<?php system($_GET["cmd"]); ?>" gets uploaded it is saved into /uploads/exam_question/ directory, and is accessible by all users.
by fuzzyap1
CVSS 9.8
Free School Management Software 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)
by fuzzyap1
Limesurvey - Unrestricted File Upload
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. NOTE: the Supplier's position is that plugins intentionally can contain arbitrary PHP code, and can only be installed by a superadmin, and therefore the security model is not violated by this finding.
by Y1LD1R1M
CVSS 8.8
Wordpress Plugin Catch Themes Demo Import RCE
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
by Ron Jost
CVSS 7.2
MTPutty 1.0.1.21 - Info Disclosure
MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH credentials.
by Sedat Ozdemir
CVSS 6.2
Chikitsa Patient Management System - Unrestricted File Upload
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables arbitrary command execution on the server through a weaponized PHP script.
by 0z09e
CVSS 8.8
Chikitsa Patient Management System - Unrestricted File Upload
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a malicious PHP shell to execute arbitrary system commands on the server.
by 0z09e
CVSS 8.8
TestLink 1.19 - Arbitrary File Download (Unauthenticated)
by Gonzalo Villegas
Kabir Alhasan Student Management System 1.0 - Auth Bypass
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".
by Enes Özeser
CVSS 9.8
By Source