Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2021-47865 EXPLOITDB HIGH python
ProFTPD 1.3.7a - Denial of Service via Multiple Simultaneous FTP Connections
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.
by xynmaps
CVSS 7.5
CVE-2021-47864 EXPLOITDB HIGH text
OSAS Traverse Extension 11 - Path Traversal
OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining elevated system access.
by Johnny Tech
CVSS 7.8
CVE-2021-47863 EXPLOITDB HIGH text
MacPaw Encrypto 1.0.1 - Code Injection
MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privileges on Windows systems.
by Ismael Nava
CVSS 7.8
EIP-2026-117896 EXPLOITDB text
SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpdateSvc' Unquoted Service Path
by Alan Mondragon
CVE-2017-1000170 EXPLOITDB HIGH php
jqueryFileTree <2.1.5 - Path Traversal
jqueryFileTree 2.1.5 and older is vulnerable to directory traversal.
by Nicholas Ferreira
CVSS 7.5
CVE-2021-27890 EXPLOITDB HIGH javascript
MyBB < 1.8.26 - SQL Injection via Theme XML File Properties
SQL injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files.
by SivertPL
CVSS 8.8
EIP-2026-101339 EXPLOITDB text
KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
by LiquidWorm
CVE-2021-47958 EXPLOITDB MEDIUM
CouchCMS 2.2.1 Server-Side Request Forgery via SVG upload
CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal services and resources.
by xxcdd
CVSS 4.3
CVE-2021-46850 EXPLOITDB HIGH text
myVesta Control Panel <0.9.8-26-43 - Command Injection
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.
by numan türle
CVSS 7.2
CVE-2021-29002 EXPLOITDB MEDIUM text
Plone CMS 5.2.3 - Stored Cross-Site Scripting via Site Control Panel Site Title Parameter
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.
by Piyush Patil
CVSS 5.4
CVE-2021-47869 EXPLOITDB HIGH text
Brother BRAdmin Professional 3.75 - Local Privilege Escalation
Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\ directory to gain local system privileges.
by Metin Yunus Kandemir
CVSS 7.8
CVE-2021-27969 EXPLOITDB MEDIUM text
Dolphin CMS 7.4.2 - Stored Cross-Site Scripting via Page Builder Width Parameter
Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.
by Piyush Patil
CVSS 4.8
CVE-2021-28271 EXPLOITDB HIGH text
Soyal Technologies SOYAL 701Server 9.0.1 - Privilege Escalation
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file to a binary of their choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for the 'Everyone' and 'Authenticated Users' groups.
by LiquidWorm
CVSS 8.8
CVE-2021-28269 EXPLOITDB HIGH text
Soyal Technology 701Client <9.0.1 - Privilege Escalation
Soyal Technology 701Client 9.0.1 is vulnerable to insecure permissions: the client.exe binary grants the Authenticated Users group Full permissions.
by LiquidWorm
CVSS 8.8
EIP-2026-117118 EXPLOITDB text
Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path
by Riadh Bouchahoua
EIP-2026-111522 EXPLOITDB python
Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated)
by Christian Vierschilling
EIP-2026-110150 EXPLOITDB text
Online News Portal 1.0 - 'name' SQL Injection
by Richard Jones
EIP-2026-110149 EXPLOITDB text
Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting
by Richard Jones
CVE-2019-12962 EXPLOITDB MEDIUM text
LiveZilla < 8.0.1.1 - Cross-Site Scripting via Accept-Language HTTP Header
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
by Clément Cruchet
CVSS 6.1
EIP-2026-102026 EXPLOITDB text
SOYAL Biometric Access Control System 5.0 - Master Code Disclosure
by LiquidWorm
EIP-2026-102025 EXPLOITDB html
SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
by LiquidWorm
EIP-2026-101827 EXPLOITDB text
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
by LiquidWorm
EIP-2026-101826 EXPLOITDB text
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
by LiquidWorm
EIP-2026-101825 EXPLOITDB text
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
by LiquidWorm
EIP-2026-101824 EXPLOITDB text
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
by LiquidWorm