Exploitdb Exploits
50,076 exploits tracked across all sources.
ProFTPD 1.3.7a - Denial of Service via Multiple Simultaneous FTP Connections
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.
by xynmaps
CVSS 7.5
OSAS Traverse Extension 11 - Path Traversal
OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining elevated system access.
by Johnny Tech
CVSS 7.8
MacPaw Encrypto 1.0.1 - Code Injection
MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privileges on Windows systems.
by Ismael Nava
CVSS 7.8
SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpdateSvc' Unquoted Service Path
by Alan Mondragon
jqueryFileTree <2.1.5 - Path Traversal
jqueryFileTree 2.1.5 and older Directory Traversal
by Nicholas Ferreira
CVSS 7.5
MyBB < 1.8.26 - SQL Injection via Theme XML File Properties
SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.
by SivertPL
CVSS 8.8
KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
by LiquidWorm
CouchCMS 2.2.1 Server-Side Request Forgery via SVG upload
CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal services and resources.
by xxcdd
CVSS 4.3
myVesta Control Panel <0.9.8-26-43 - Command Injection
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.
by numan türle
CVSS 7.2
Plone CMS 5.2.3 - Stored Cross-Site Scripting via Site Control Panel Site Title Parameter
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.
by Piyush Patil
CVSS 5.4
Brother BRAdmin Professional 3.75 - Local Privilege Escalation
Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\ directory to gain local system privileges.
by Metin Yunus Kandemir
CVSS 7.8
Dolphin CMS 7.4.2 - Stored Cross-Site Scripting via Page Builder Width Parameter
Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.
by Piyush Patil
CVSS 4.8
Soyal Technologies SOYAL 701Server 9.0.1 - Privilege Escalation
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.
by LiquidWorm
CVSS 8.8
Soyal Technology 701Client <9.0.1 - Privilege Escalation
Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions.
by LiquidWorm
CVSS 8.8
Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path
by Riadh Bouchahoua
Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated)
by Christian Vierschilling
Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting
by Richard Jones
LiveZilla < 8.0.1.1 - Cross-Site Scripting via Accept-Language HTTP Header
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
by Clément Cruchet
CVSS 6.1
SOYAL Biometric Access Control System 5.0 - Master Code Disclosure
by LiquidWorm
SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
by LiquidWorm
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
by LiquidWorm
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
by LiquidWorm
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
by LiquidWorm
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
by LiquidWorm
By Source