Exploitdb Exploits
50,135 exploits tracked across all sources.
4images 1.8 - 'limitnumber' SQL Injection (Authenticated)
by Andrey Stoykov
COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection
by Ashish Upsham
Altova Mobiletogether Server < 7.3 - XXE
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
by RedTeam Pentesting GmbH
CVSS 9.1
IPCop <2.1.9 - Authenticated RCE
IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. The email configuration component inserts user-controlled values, including the EMAIL_PW parameter, directly into system-level operations without proper input sanitation. By modifying the email password field to include shell metacharacters and issuing a save-and-test-mail action, an authenticated attacker can execute arbitrary operating system commands with the privileges of the web interface, resulting in full system compromise.
by Mücahit Saratar
CIR 2000 / Gestionale Amica Prodigy v1.7 - Privilege Escalation
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges.
by Andrea Intilangelo
CVSS 7.8
WordPress Plugin Picture Gallery 1.4.2 - 'Edit Content URL' Stored Cross-Site Scripting (XSS)
by Aryan Chehreghani
Simple Library Management System 1.0 - 'rollno' SQL Injection
by Halit AKAYDIN
Agentejo Cockpit < 0.11.2 - SQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
by Brian Ombongi
CVSS 9.8
MI Stock Browser - Command Injection
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.
by Vishwaraj Bhattrai
CVSS 5.3
GFI Archiver < 15.2 - Unrestricted File Upload
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.
by Amin Bohio
CVSS 9.8
Cmsuno - XSS
CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme.
by splint3rsec
CVSS 5.4
WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting (XSS)
by Aryan Chehreghani
Qdpm < 9.1 - Path Traversal
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.
by Leon Trappett
CVSS 8.8
Client Management System 1.1 - 'cname' Stored Cross-site scripting (XSS)
by Mohammad Koochaki
Apache Ofbiz - Insecure Deserialization
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
by Adrián Díaz
CVSS 6.1
Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)
by Merbin Russel
Neo4j < 3.4.18 - Insecure Deserialization
Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.
by Christopher Ellis
CVSS 9.8
Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS)
by Mohammad Koochaki
Men Salon Management System 1.0 - SQL Injection Authentication Bypass
by Akshay Khanna
Panasonic Sanyo CCTV Network Camera 2.03-0x - Cross-Site Request Forgery (Change Password)
by LiquidWorm
Denver SHO-110 - Info Disclosure
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.
by Ivan Nikolsky
Longjing Technology BEMS API <=1.21 - Info Disclosure
Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.
by LiquidWorm
By Source