Exploitdb Exploits
50,076 exploits tracked across all sources.
Unified Remote 3.9.0.2463 - Remote Code Execution via Crafted Network Packets
Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.
by H4rk3nz0
CVSS 9.8
LogonExpert 8.1 - Privilege Escalation
LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup.
by Victor Mondragón
CVSS 7.8
Softros LAN Messenger 9.6.4 - Code Injection
Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges.
by Victor Mondragón
CVSS 7.8
Nsasoft US LLC SpotAuditor <5.3.5 - Buffer Overflow
An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering.
by Sinem Şahin
CVSS 5.5
SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC)
by Sinem Şahin
HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)
by Pergyz
Monica 2.19.1 - Stored Cross-Site Scripting via Last Name Field
The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.
by BouSalman
CVSS 5.4
OpenText Content Server <20.3 - XSS
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.
by Kamil Breński
CVSS 5.4
PEEL Shopping 9.3.0 - Stored Cross-Site Scripting via Comments / Special Instructions Parameter
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution.
by Anmol K Sachan
CVSS 7.2
dataSIMS Avionics ARINC 664-1 <4.5.3 - Buffer Overflow
dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. Attackers can craft a malicious file with carefully constructed payload and alignment sections to potentially execute arbitrary code on the Windows system.
by Kağan Çapar
CVSS 8.4
PHPGurukul Beauty Parlour Mgmt <1.0 - SQL Injection
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
by Thinkland Security Team
CVSS 6.5
Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass
by Suresh Kumar
Comment System 1.0 - 'multiple' Stored Cross-Site Scripting
by Pintu Solanki
Batflat CMS 1.3.6 - Remote Code Execution (Authenticated)
by mari0x00
Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting
by Suresh Kumar
Billing Management System 2.0 - 'email' SQL injection Auth Bypass
by Pintu Solanki
Nsauditor 3.2.2.0 - Denial of Service via Event Description Buffer Overflow
Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an application crash.
by Ismael Nava
CVSS 7.5
Managed Switch Port Mapping Tool <2.85.2 - DoS
Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. Attackers can generate a 10,000-character buffer and paste it into the IP Address and SNMP Community Name fields to trigger the application crash.
by Ismael Nava
CVSS 7.5
AgataSoft PingMaster Pro 2.1 - Denial of Service via Trace Route Host Name Overflow
AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into the host name field to trigger an application crash and potential system instability.
by Ismael Nava
CVSS 7.5
BlackCat CMS 1.3.6 - Stored Cross-Site Scripting via Display Name Field
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.
by Kamaljeet Kumar
CVSS 4.8
Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
by Christian Vierschilling
Teachers Record Management System 1.0 - Unauthenticated SQL Injection via searchteacher Parameter
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.
by Soham Bakore
CVSS 9.8
By Source