Exploitdb Exploits

50,135 exploits tracked across all sources.

CVE-2021-27885 EXPLOITDB HIGH text
e107 <2.3.0 - Info Disclosure
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
by Tadjmen
CVSS 8.8
EIP-2026-109198 EXPLOITDB text
Local Services Search Engine Management System (LSSMES) 1.0 - Blind & Error based SQL injection (Authenticated)
by Tushar Vaidya
EIP-2026-109197 EXPLOITDB text
Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persistent Cross-Site Scripting (XSS)
by Tushar Vaidya
CVE-2020-13160 EXPLOITDB CRITICAL python VERIFIED
AnyDesk <5.5.3 - RCE
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
by scryh
CVSS 9.8
CVE-2021-28007 EXPLOITDB MEDIUM text
Web Based Quiz System 1.0 - XSS
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter.
by P.Naveen Kumar
CVSS 6.1
CVE-2021-28006 EXPLOITDB MEDIUM text
Web Based Quiz System 1.0 - XSS
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter.
by Praharsh Kumar Singh
CVSS 6.1
CVE-2021-3291 EXPLOITDB HIGH ruby VERIFIED
Zen Cart 1.5.7b - Command Injection
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.
by Mücahit Saratar
CVSS 7.2
CVE-2020-25787 EXPLOITDB CRITICAL python
Tt-rss Tiny Tiny Rss < 2020-09-16 - Improper Input Validation
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
by Daniel Neagaru
CVSS 9.8
CVE-2022-3218 EXPLOITDB CRITICAL python VERIFIED
WiFi Mouse - RCE
Because it relies on client-side authentication, the authentication mechanism of Necta LLC's WiFi Mouse (Mouse Server) is trivially bypassed, which can result in remote code execution.
by H4rk3nz0
CVSS 9.8
EIP-2026-110066 EXPLOITDB python
Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated)
by Christian Vierschilling
EIP-2026-106196 EXPLOITDB python
Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)
by Christian Vierschilling
CVE-2021-21972 EXPLOITDB CRITICAL python
Vmware Cloud Foundation < 3.10.1.2 - Path Traversal
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
by Photubias
CVSS 9.8
CVE-2021-3378 EXPLOITDB CRITICAL ruby VERIFIED
Fortilogger < 5.2.0 - Unrestricted File Upload
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
by Berkan Er
CVSS 9.8
CVE-2021-4462 EXPLOITDB CRITICAL text
Skittles Employee Records System - Unrestricted File Upload
Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
by sml
CVSS 9.8
CVE-2021-27330 EXPLOITDB MEDIUM text
Triconsole Datepicker Calendar <3.77 - XSS
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
by Akash Chathoth
CVSS 6.1
EIP-2026-119088 EXPLOITDB python
Remote Desktop Web Access - Authentication Timing Attack (Metasploit Module)
by Matthew Dunn
CVE-2021-3355 EXPLOITDB MEDIUM text
Lightcms - XSS
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.
by Peithon
CVSS 5.4
CVE-2021-27822 EXPLOITDB MEDIUM text
Vehicle Parking Management System 1.0 - XSS
A persistent cross-site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field.
by Tushar Vaidya
CVSS 4.8
EIP-2026-118284 EXPLOITDB python
ASUS Remote Link 1.1.2.13 - Remote Code Execution
by H4rk3nz0
CVE-2021-47891 EXPLOITDB CRITICAL python VERIFIED
Unified Remote 3.9.0.2463 - RCE
Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.
by H4rk3nz0
CVSS 9.8
CVE-2021-47890 EXPLOITDB HIGH text
LogonExpert 8.1 - Privilege Escalation
LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup.
by Victor Mondragón
CVSS 7.8
CVE-2021-47889 EXPLOITDB HIGH text
Softros LAN Messenger 9.6.4 - Code Injection
Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges.
by Victor Mondragón
CVSS 7.8
CVE-2021-27722 EXPLOITDB HIGH python VERIFIED
Nsasoft US LLC SpotAuditor <5.3.5 - Buffer Overflow
An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering.
by Sinem Şahin
CVSS 7.5
EIP-2026-116303 EXPLOITDB python VERIFIED
SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC)
by Sinem Şahin
EIP-2026-109079 EXPLOITDB text
LayerBB 1.1.4 - 'search_query' SQL Injection
by Görkem Haşin