Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-47845 EXPLOITDB HIGH text
Spy Emergency 25.0.650 - Privilege Escalation
Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted file paths in SpyEmergencyHealth.exe and SpyEmergencySrv.exe to inject malicious code during system startup or service restart.
by Erick Galindo
CVSS 7.8
CVE-2021-47810 EXPLOITDB HIGH text
WibuKey Runtime 6.51 - Code Injection
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
EIP-2026-118006 EXPLOITDB text
Tftpd64 4.64 - 'Tftpd32_svc' Unquoted Service Path
by Brian Rodriguez
EIP-2026-112436 EXPLOITDB text
Stock Management System 1.0 - 'user_id' Blind SQL injection (Authenticated)
by Riadh Benlamine
EIP-2026-112222 EXPLOITDB text
Small CRM 3.0 - 'Authentication Bypass' SQL Injection
by BHAVESH KAUL
CVE-2018-15139 EXPLOITDB HIGH python
OpenEMR < 5.0.1.4 - Authenticated Arbitrary PHP File Upload via Site Files Manager
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
by Ron Jost
CVSS 8.8
CVE-2020-11060 EXPLOITDB HIGH python
GLPI < 9.4.6 - Authenticated Remote Code Execution via Backup Functionality
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6.
by Brian Peters
CVSS 7.4
EIP-2026-106200 EXPLOITDB text
COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting (XSS)
by BHAVESH KAUL
CVE-2021-34370 EXPLOITDB MEDIUM text
Accela Civic Platform <= 20.1 - Cross-Site Scripting via ssoAdapter/logoutAction.do successURL Parameter
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
by Abdulazeez Alaseeri
CVSS 6.1
CVE-2021-34369 EXPLOITDB MEDIUM text
Accela Civic Platform <20.1 - Info Disclosure
portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.
by Abdulazeez Alaseeri
CVSS 6.5
EIP-2026-102183 EXPLOITDB python
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
by Geovanni Ruiz
EIP-2026-102180 EXPLOITDB python
Post-it 5.0.1 - Denial of Service (PoC)
by Geovanni Ruiz
EIP-2026-102176 EXPLOITDB python
Notex the best notes 6.4 - Denial of Service (PoC)
by Geovanni Ruiz
CVE-2021-47811 EXPLOITDB CRITICAL text
grocery_crud < 2.0.1 - SQL Injection via order_by Parameter
Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order_by[] parameter in POST requests to the ajax_list endpoint to potentially extract or modify database information.
by TonyShavez
CVSS 9.1
CVE-2021-34544 EXPLOITDB MEDIUM text
Solar-Log 500 < 2.8.2 - Cleartext Storage of Sensitive Information in Export and Notification Pages
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
by Luca.Chiou
CVSS 6.5
CVE-2021-34543 EXPLOITDB HIGH text
Solar-Log 500 < 2.8.2 - Unauthenticated Administrative Access
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
by Luca.Chiou
CVSS 7.5
CVE-2021-27200 EXPLOITDB CRITICAL python
WoWonder 3.0.4 - Account Takeover via Weak Cryptographic Algorithm in recover.php
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.
by securityforeveryone.com
CVSS 9.8
CVE-2021-31950 EXPLOITDB HIGH python
Microsoft SharePoint Server - Server-Side Request Forgery
Microsoft SharePoint Server Spoofing Vulnerability
by Alex Birnberg
CVSS 7.6
CVE-2021-27673 EXPLOITDB MEDIUM text
Tribal Systems Zenario CMS <8.8.52729 - XSS
Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.
by Avinash R
CVSS 4.8
CVE-2021-24174 EXPLOITDB HIGH html
Database Backups WordPress Plugin <= 1.2.2.6 - Cross-Site Request Forgery
The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.
by 0xB9
CVSS 8.1
CVE-2017-9380 EXPLOITDB HIGH python
OpenEMR < 5.0.0 - Authenticated Arbitrary File Upload and Remote Code Execution
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
by Ron Jost
CVSS 8.8
CVE-2019-25046 EXPLOITDB MEDIUM text
Cerberus FTP Server <10.0.19, <11.0.4 - XSS
The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.
by Mohammad Hossein Kaviyany
CVSS 6.1
CVE-2021-33904 EXPLOITDB MEDIUM text
Accela Civic Platform < 21.1 - Cross-Site Scripting via servProvCode Parameter
In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
by Abdulazeez Alaseeri
CVSS 6.1
CVE-2021-47973 EXPLOITDB HIGH python
Sticky Notes Widget 3.0.6 Denial of Service via Buffer Overflow
Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash on iOS devices.
by Geovanni Ruiz
CVSS 7.5
CVE-2021-47944 EXPLOITDB HIGH python
memono Notepad 4.2 Denial of Service via Buffer Overflow
memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash on iOS devices.
by Geovanni Ruiz
CVSS 7.5