Exploitdb Exploits

50,135 exploits tracked across all sources.

EIP-2026-101261 EXPLOITDB text
ECOA Building Automation System - Hard-coded Credentials SSH Access
by Neurogenesia
EIP-2026-101123 EXPLOITDB text
ECOA Building Automation System - Missing Encryption Of Sensitive Information
by Neurogenesia
EIP-2026-105652 EXPLOITDB text VERIFIED
Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS)
by Emre Aslan
EIP-2026-114106 EXPLOITDB text
WordPress Plugin TablePress 1.14 - CSV Injection
by Nikhil Kapoor
EIP-2026-114233 EXPLOITDB text
WordPress Plugin WP Sitemap Page 1.6.4 - Stored Cross-Site Scripting (XSS)
by Nikhil Kapoor
EIP-2026-114104 EXPLOITDB python
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection (2)
by Mohin Paramasivam
CVE-2022-29008 EXPLOITDB MEDIUM text VERIFIED
Bus Pass Management System v1.0 - Info Disclosure
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.
by sudoninja
CVSS 6.5
CVE-2021-47791 EXPLOITDB HIGH python
Smartftp - Resource Allocation Without Limits
SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's interface.
by Eric Salario
CVSS 7.5
CVE-2021-40903 EXPLOITDB CRITICAL text
Antminer Monitor 0.50.0 - Backdoor
A vulnerability in Antminer Monitor 0.50.0 exists because of a backdoor or misconfiguration inside a settings file in the Flask server. The settings file has a predefined secret string, which is supposed to be randomly generated but is static.
by Vulnz
CVSS 9.8
EIP-2026-116810 EXPLOITDB text
Argus Surveillance DVR 4.0 - Unquoted Service Path
by Salman Asad
EIP-2026-110492 EXPLOITDB python
Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload
by a-rey
EIP-2026-110491 EXPLOITDB python
Patient Appointment Scheduler System 1.0 - Persistent Cross-Site Scripting
by a-rey
CVE-2021-40352 EXPLOITDB MEDIUM text
OpenEMR 6.0.0 - Info Disclosure
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.
by Allen Enosh Upputori
CVSS 6.5
CVE-2021-39608 EXPLOITDB HIGH python
Flatcore-cms - Unrestricted File Upload
A Remote Code Execution (RCE) vulnerability exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user execute arbitrary PHP code.
by Mason Soroka-Gill
CVSS 7.2
CVE-2021-47792 EXPLOITDB HIGH text
Remote Mouse 4.002 - Privilege Escalation
Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the RemoteMouseService to inject malicious executables and gain administrative access.
by Salman Asad
CVSS 7.8
CVE-2021-40651 EXPLOITDB MEDIUM text
OS4Ed OpenSIS Community 8.0 - Info Disclosure
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary files from the server's filesystem as long as the application has access to the file.
by Eric Salario
CVSS 6.5
CVE-2022-43138 EXPLOITDB CRITICAL text
Dolibarr Open Source ERP & CRM <14.0.1 - Privilege Escalation
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.
by Vishwaraj Bhattrai
CVSS 9.8
CVE-2021-40309 EXPLOITDB HIGH text
OpenSIS 8.0 - SQL Injection
A SQL injection vulnerability in the Take Attendance functionality of OS4Ed's OpenSIS 8.0 allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability.
by Eric Salario
CVSS 8.8
EIP-2026-113694 EXPLOITDB text VERIFIED
WordPress Plugin Duplicate Page 4.4.1 - Stored Cross-Site Scripting (XSS)
by Nikhil Kapoor
EIP-2026-104505 EXPLOITDB text
WPanel 4.3.1 - Remote Code Execution (RCE) (Authenticated)
by Sentinal920
CVE-2021-40379 EXPLOITDB HIGH text
Compro - Info Disclosure
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization.
by icekam
CVSS 7.5
CVE-2021-40380 EXPLOITDB HIGH text
Compro - Info Disclosure
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials.
by icekam
CVSS 7.5
CVE-2021-40378 EXPLOITDB HIGH text
Compro - Info Disclosure
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.
by icekam
CVSS 8.1
CVE-2021-40382 EXPLOITDB HIGH text
Compro IP70/IP570/TN540 <2.08 - Info Disclosure
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allows video screenshot access.
by icekam
CVSS 7.5
CVE-2021-40381 EXPLOITDB HIGH text
Compro IP70/IP570/IP60/TN540 <2.08 - Info Disclosure
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows video access.
by icekam
CVSS 7.5