Exploitdb Exploits
50,135 exploits tracked across all sources.
HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)
by Pergyz
Monica 2.19.1 - XSS
The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.
by BouSalman
CVSS 5.4
OpenText Content Server <20.3 - XSS
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.
by Kamil Breński
CVSS 5.4
PEEL Shopping 9.3.0 - XSS
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution.
by Anmol K Sachan
CVSS 7.2
dataSIMS Avionics ARINC 664-1 <4.5.3 - Buffer Overflow
dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. Attackers can craft a malicious file with carefully constructed payload and alignment sections to potentially execute arbitrary code on the Windows system.
by Kağan Çapar
CVSS 8.4
PHPGurukul Beauty Parlour Mgmt <1.0 - SQL Injection
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
by Thinkland Security Team
CVSS 6.5
Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass
by Suresh Kumar
Comment System 1.0 - 'multiple' Stored Cross-Site Scripting
by Pintu Solanki
Batflat CMS 1.3.6 - Remote Code Execution (Authenticated)
by mari0x00
Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting
by Suresh Kumar
Billing Management System 2.0 - 'email' SQL injection Auth Bypass
by Pintu Solanki
Nsasoft Nsauditor - Resource Allocation Without Limits
Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an application crash.
by Ismael Nava
CVSS 7.5
Managed Switch Port Mapping Tool <2.85.2 - DoS
Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. Attackers can generate a 10,000-character buffer and paste it into the IP Address and SNMP Community Name fields to trigger the application crash.
by Ismael Nava
CVSS 7.5
AgataSoft PingMaster Pro 2.1 - DoS
AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into the host name field to trigger an application crash and potential system instability.
by Ismael Nava
CVSS 7.5
BlackCat CMS 1.3.6 - XSS
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.
by Kamaljeet Kumar
CVSS 4.8
Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
by Christian Vierschilling
Phpgurukul Teachers Record Management System - SQL Injection
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.
by Soham Bakore
CVSS 9.8
Tasks <9.7.3 - Privilege Escalation
"Tasks" application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions.
by Lyhin\'s Lab
CVSS 6.8
TestLink 1.9.20 - RCE
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application.
by snovvcrash
CVSS 8.8
Sourcecodester School File Mgmt 1.0 - XSS
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.
by Pintu Solanki
CVSS 5.4
PDF Complete Corporate Edition 4.1.45 - Code Injection
PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will be run with elevated LocalSystem privileges.
by Ismael Nava
CVSS 7.8
By Source