Exploitdb Exploits
50,076 exploits tracked across all sources.
Men Salon Management System 1.0 - SQL Injection Authentication Bypass
by Akshay Khanna
Panasonic Sanyo CCTV Network Camera 2.03-0x - Cross-Site Request Forgery (Change Password)
by LiquidWorm
Denver SHO-110 - Unauthenticated Snapshot Access via Secondary HTTP Service
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.
by Ivan Nikolsky
Longjing Technology BEMS API <=1.21 - Info Disclosure
Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.
by LiquidWorm
IntelliChoice eFORCE Software Suite 2.5.9 - Info Disclosure
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information.
by LiquidWorm
Care2x Hospital Information Management System < 2.7 - SQL Injection via pday/pmonth/pyear Parameters
SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php.
by securityforeveryone.com
CVSS 9.8
Oracle Fatwire 6.3 - Multiple Vulnerabilities
by J. Francisco Bolivar
CloverDX < 5.7.1 - Cross-Site Request Forgery in Server Console
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1.
by niebardzo
CVSS 8.8
Denver SHC-150 Smart Wifi Camera - RCE
Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default credential to execute arbitrary commands on the camera's operating system.
by Ivan Nikolsky
CVSS 9.8
TripSpark VEO Transportation - Blind SQL Injection
by Sedric Louissaint
Event Registration System with QR Code 1.0 - Authentication Bypass
by Javier Olmedo
Sourcecodester CRM 1.0 - SQL Injection
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.
by Shafique_Wasta
CVSS 9.8
PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection
by S1lv3r
NoteBurner 2.35 - Denial of Service via License Code Input Buffer Overflow
NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application crash.
by stresser
CVSS 9.8
Leawo Prof. Media 11.0.0.1 - Denial of Service via Oversized Activation Keycode
Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to trigger an application crash when pasted into the registration interface.
by stresser
CVSS 7.5
XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion (Authenticated)
by faisalfs10x
Elastic Cloud Enterprise - Info Disclosure
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster.
by Joan Martinez
CVSS 7.5
WordPress Plugin Simple Post 1.1 - 'Text field' Stored Cross-Site Scripting (XSS)
by Vikas Srivastava
Elasticsearch 7.10.0-7.13.3 - Memory Disclosure via Malformed Query Error Message
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.
by r0ny
CVSS 6.5
.NET Framework, SharePoint Server, and Visual Studio - Remote Code Execution via XML Input Deserialization
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
by Podalirius
CVSS 7.8
KevinLAB BEMS 1.0 - File Path Traversal Information Disclosure (Authenticated)
by LiquidWorm
WordPress Plugin KN Fix Your Title 1.0.1 - 'Separator' Stored Cross-Site Scripting (XSS)
by Aakash Choudhary
By Source