Exploitdb Exploits
50,135 exploits tracked across all sources.
jqueryFileTree <2.1.5 - Path Traversal
jqueryFileTree 2.1.5 and older Directory Traversal
by Nicholas Ferreira
CVSS 7.5
MyBB <1.8.26 - SQL Injection
SQL Injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files.
by SivertPL
CVSS 8.8
KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm
by LiquidWorm
myVesta Control Panel <0.9.8-26-43 - Command Injection
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.
by numan türle
CVSS 7.2
Plone - XSS
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.
by Piyush Patil
CVSS 5.4
Brother BRAdmin Professional 3.75 - Local Privilege Escalation
Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\ directory to gain local system privileges.
by Metin Yunus Kandemir
CVSS 7.8
Dolphin CMS 7.4.2 - XSS
Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.
by Piyush Patil
CVSS 4.8
Soyal Technologies SOYAL 701Server 9.0.1 - Privilege Escalation
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to replace the executable file with a binary of their choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for the 'Everyone' and 'Authenticated Users' groups.
by LiquidWorm
CVSS 8.8
Soyal Technology 701Client <9.0.1 - Privilege Escalation
Soyal Technology 701Client 9.0.1 is vulnerable to insecure permissions on the client.exe binary, for which the Authenticated Users group has Full permissions.
by LiquidWorm
CVSS 8.8
Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path
by Riadh Bouchahoua
Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated)
by Christian Vierschilling
Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting
by Richard Jones
Livezilla < 8.0.1.1 - XSS
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
by Clément Cruchet
CVSS 6.1
SOYAL Biometric Access Control System 5.0 - Master Code Disclosure
by LiquidWorm
SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
by LiquidWorm
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
by LiquidWorm
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
by LiquidWorm
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
by LiquidWorm
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
by LiquidWorm
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
by LiquidWorm
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
by LiquidWorm
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
by LiquidWorm
VFS for Git 1.0.21014.1 - Privilege Escalation
VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem privileges during service startup or system reboot.
by Mohammed Alshehri
CVSS 7.8