Exploitdb Exploits
50,135 exploits tracked across all sources.
Chevereto < 3.17.1 - XSS
Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.
by Akıner Kısa
CVSS 6.1
DHCP Broadband 4.1.0.1503 - Code Injection
DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files\DHCP Broadband 4\dhcpt.exe' to inject malicious code that will execute during service startup with LocalSystem permissions.
by Erick Galindo
CVSS 7.8
BOOTP Turbo <2.0.0.1253 - Code Injection
BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot.
by Erick Galindo
CVSS 7.8
TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path
by Erick Galindo
PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
by Tyler Butler
Microweber < 1.1.20 - Path Traversal
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file.
by sl1nki
CVSS 7.2
Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated)
by Reza Afsahi
WifiHotSpot 1.0.0.0 - Code Injection
WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in its WifiHotSpotService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.
by Erick Galindo
CVSS 7.8
Sandboxie 5.49.7 - DoS
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash.
by Erick Galindo
CVSS 7.5
Epic Games Easy Anti-Cheat 4.0 - Code Injection
Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute with LocalSystem privileges during application startup.
by LiquidWorm
CVSS 8.4
Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path
by Erick Galindo
Voting System 1.0 - Remote Code Execution (Unauthenticated)
by secure77
PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
by Tyler Butler
Human Resource Information System 0.1 - Remote Code Execution (Unauthenticated)
by Reza Afsahi
Schlix CMS 2.2.6-6 - XSS
Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users.
by Emircan Baş
CVSS 6.4
b2evolution <7.2.2-stable - SQL Injection
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
by nu11secur1ty
CVSS 8.8
Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)
by Eren Saraç
Xmind 2020 - XSS
Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mouse interactions or file opening.
by TaurusOmar
CVSS 6.1
Pabloandumundu Tagstoo - XSS
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer.
by TaurusOmar
CVSS 5.4
StudyMD 0.3.2 - XSS
StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.
by TaurusOmar
CVSS 7.2
SnipCommand 0.1.0 - XSS
SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs.
by TaurusOmar
CVSS 6.1