Exploitdb Exploits
50,076 exploits tracked across all sources.
Spy Emergency 25.0.650 - Privilege Escalation
Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted file paths in SpyEmergencyHealth.exe and SpyEmergencySrv.exe to inject malicious code during system startup or service restart.
by Erick Galindo
CVSS 7.8
WibuKey Runtime 6.51 - Code Injection
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges.
by Brian Rodriguez
CVSS 7.8
Tftpd64 4.64 - 'Tftpd32_svc' Unquoted Service Path
by Brian Rodriguez
Stock Management System 1.0 - 'user_id' Blind SQL injection (Authenticated)
by Riadh Benlamine
Small CRM 3.0 - 'Authentication Bypass' SQL Injection
by BHAVESH KAUL
OpenEMR < 5.0.1.4 - Authenticated Arbitrary PHP File Upload via Site Files Manager
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
by Ron Jost
CVSS 8.8
GLPI < 9.4.6 - Authenticated Remote Code Execution via Backup Functionality
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6.
by Brian Peters
CVSS 7.4
COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting (XSS)
by BHAVESH KAUL
Accela Civic Platform <= 20.1 - Cross-Site Scripting via ssoAdapter/logoutAction.do successURL Parameter
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
by Abdulazeez Alaseeri
CVSS 6.1
Accela Civic Platform <20.1 - Info Disclosure
portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.
by Abdulazeez Alaseeri
CVSS 6.5
Secure Notepad Private Notes 3.0.3 - Denial of Service (PoC)
by Geovanni Ruiz
Notex the best notes 6.4 - Denial of Service (PoC)
by Geovanni Ruiz
grocery_crud < 2.0.1 - SQL Injection via order_by Parameter
Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order_by[] parameter in POST requests to the ajax_list endpoint to potentially extract or modify database information.
by TonyShavez
CVSS 9.1
Solar-Log 500 < 2.8.2 - Cleartext Storage of Sensitive Information in Export and Notification Pages
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
by Luca.Chiou
CVSS 6.5
Solar-Log 500 < 2.8.2 - Unauthenticated Administrative Access
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
by Luca.Chiou
CVSS 7.5
WoWonder 3.0.4 - Account Takeover via Weak Cryptographic Algorithm in recover.php
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.
by securityforeveryone.com
CVSS 9.8
Microsoft SharePoint Server - Server-Side Request Forgery
Microsoft SharePoint Server Spoofing Vulnerability
by Alex Birnberg
CVSS 7.6
Tribal Systems Zenario CMS <8.8.52729 - XSS
Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.
by Avinash R
CVSS 4.8
Database Backups WordPress Plugin <= 1.2.2.6 - Cross-Site Request Forgery
The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.
by 0xB9
CVSS 8.1
OpenEMR < 5.0.0 - Authenticated Arbitrary File Upload and Remote Code Execution
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
by Ron Jost
CVSS 8.8
Cerberus FTP Server <10.0.19, <11.0.4 - XSS
The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.
by Mohammad Hossein Kaviyany
CVSS 6.1
Accela Civic Platform < 21.1 - Cross-Site Scripting via servProvCode Parameter
In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information.
by Abdulazeez Alaseeri
CVSS 6.1
Sticky Notes Widget 3.0.6 Denial of Service via Buffer Overflow
Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash on iOS devices.
by Geovanni Ruiz
CVSS 7.5
memono Notepad 4.2 Denial of Service via Buffer Overflow
memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash on iOS devices.
by Geovanni Ruiz
CVSS 7.5
By Source