Exploitdb Exploits

50,135 exploits tracked across all sources.

CVE-2021-47821 EXPLOITDB HIGH python
RarmaRadio 2.72.8 - DoS
RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing network configuration fields with large character buffers. Attackers can generate a 100,000 character buffer and paste it into multiple network settings fields to trigger application instability and potential crash.
by Ismael Nava
CVSS 7.5
CVE-2020-29607 EXPLOITDB HIGH python VERIFIED
Pluck CMS <4.7.13 - RCE
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
by Ron Jost
CVSS 7.2
CVE-2018-19423 EXPLOITDB HIGH python
Codiad 2.8.4 - Command Injection
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
by Ron Jost
CVSS 7.2
CVE-2015-3306 EXPLOITDB python VERIFIED
ProFTPD 1.3.5 - RCE
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
by Shellbr3ak
CVE-2021-34073 EXPLOITDB MEDIUM text
Gadget Works Online Ordering System - XSS
A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php.
by Vinay H C
CVSS 5.4
EIP-2026-113655 EXPLOITDB text
WordPress Plugin Cookie Law Bar 1.2.1 - 'clb_bar_msg' Stored Cross-Site Scripting (XSS)
by Mesut Cetin
CVE-2021-33562 EXPLOITDB MEDIUM text
Shopizer <2.17.0 - XSS
A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL.
by Marek Toth
CVSS 4.8
CVE-2021-47824 EXPLOITDB HIGH text
iDailyDiary 4.30 - DoS
iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buffer into the default diary tab name to trigger an application crash.
by Ismael Nava
CVSS 7.5
CVE-2021-47823 EXPLOITDB HIGH text
Acer ePowerSvc 6.0.3008.0 - Privilege Escalation
Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
by Emmanuel Lujan
CVSS 7.8
CVE-2021-47822 EXPLOITDB HIGH text
DiskBoss Service 12.2.18 - Privilege Escalation
DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level access during service startup.
by Erick Galindo
CVSS 7.8
CVE-2021-24299 EXPLOITDB MEDIUM text
Catzsoft Redi Restaurant Reservation < 21.0426 - XSS
The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to make a restaurant reservation field called 'Comment' does not use proper input validation and can be used to store XSS payloads. The XSS payloads will be executed when the plugin user goes to the 'Upcoming' page, which is an external website https://upcoming.reservationdiary.eu/ loaded in an iframe, and the stored reservation with XSS payload is loaded.
by Bastijn Ouwendijk
CVSS 6.1
EIP-2026-104420 EXPLOITDB text
Schlix CMS 2.2.6-6 - Arbitrary File Upload (Authenticated)
by Emir Polat
CVE-2019-19208 EXPLOITDB CRITICAL python
Codiad Web IDE <2.8.4 - Code Injection
Codiad Web IDE through 2.8.4 allows PHP Code injection.
by Ron Jost
CVSS 9.8
CVE-2021-33561 EXPLOITDB MEDIUM text
Shopizer <2.17.0 - XSS
A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when information is fetched from the backend, e.g., in admin/customers/list.html.
by Marek Toth
CVSS 4.8
CVE-2021-26855 EXPLOITDB CRITICAL ruby
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by mekhalleh
CVSS 9.1
EIP-2026-117635 EXPLOITDB python VERIFIED
Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code
by BestEffort Team
CVE-2021-21551 EXPLOITDB HIGH
Dell Dbutil < 2.3 - Denial of Service
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
by Paolo Stagno
CVSS 8.8
CVE-2020-14871 EXPLOITDB CRITICAL python
Oracle Solaris 10-11 - Privilege Escalation
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
by legend
CVSS 10.0
EIP-2026-114234 EXPLOITDB bash
WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Unauthenticated)
by Mansoor R
EIP-2026-104452 EXPLOITDB text
Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)
by nu11secur1ty
CVE-2021-47826 EXPLOITDB HIGH text
Acer Backup Manager 3.0.0.99 - Code Injection
Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\NTI\Acer Backup Manager\ to inject malicious executables that would run with elevated LocalSystem privileges.
by Emmanuel Lujan
CVSS 7.8
CVE-2021-47825 EXPLOITDB HIGH text
Acer Updater Service 1.2.3500.0 - Privilege Escalation
Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run with LocalSystem permissions during service startup.
by Emmanuel Lujan
CVSS 7.8
EIP-2026-116822 EXPLOITDB text
ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path
by Alejandra Sánchez
CVE-2021-33470 EXPLOITDB CRITICAL text
COVID19 Testing Management System 1.0 - SQL Injection
COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.
by Rohit Burke
CVSS 9.8
CVE-2021-33469 EXPLOITDB MEDIUM text
COVID19 Testing Management System 1.0 - XSS
COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter.
by Rohit Burke
CVSS 4.8