Exploitdb Exploits
50,135 exploits tracked across all sources.
IntelliChoice eFORCE Software Suite 2.5.9 - Info Disclosure
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information.
by LiquidWorm
Care2x Hospital Information Management System < 2.7 - SQL Injection
SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php.
by securityforeveryone.com
CVSS 9.8
Oracle Fatwire 6.3 - Multiple Vulnerabilities
by J. Francisco Bolivar
CloverDX <5.9.0 - CSRF
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1.
by niebardzo
CVSS 8.8
Denver SHC-150 Smart Wifi Camera - RCE
Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default credential to execute arbitrary commands on the camera's operating system.
by Ivan Nikolsky
CVSS 9.8
TripSpark VEO Transportation - Blind SQL Injection
by Sedric Louissaint
Event Registration System with QR Code 1.0 - Authentication Bypass
by Javier Olmedo
Sourcecodester CRM 1.0 - SQL Injection
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.
by Shafique_Wasta
CVSS 9.8
PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection
by S1lv3r
NoteBurner 2.35 - Buffer Overflow
NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application crash.
by stresser
CVSS 9.8
Leawo Prof. Media 11.0.0.1 - DoS
Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to trigger an application crash when pasted into the registration interface.
by stresser
CVSS 7.5
XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion (Authenticated)
by faisalfs10x
Elastic Cloud Enterprise - Info Disclosure
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster.
by Joan Martinez
CVSS 7.5
WordPress Plugin Simple Post 1.1 - 'Text field' Stored Cross-Site Scripting (XSS)
by Vikas Srivastava
Elasticsearch < 7.13.3 - Information Disclosure
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.
by r0ny
CVSS 6.5
Microsoft .net Core < 15.9 - Remote Code Execution
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
by Podalirius
CVSS 7.8
KevinLAB BEMS 1.0 - File Path Traversal Information Disclosure (Authenticated)
by LiquidWorm
WordPress Plugin KN Fix Your Title 1.0.1 - 'Separator' Stored Cross-Site Scripting (XSS)
by Aakash Choudhary
Webmin - XSS
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
by Mesh3l_911
CVSS 9.6
WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS)
by Vikas Srivastava
WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation
by nhattruong
LearnPress <3.2.6.7 - SQL Injection
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
by nhattruong
CVSS 8.8
By Source