Exploitdb Exploits
50,135 exploits tracked across all sources.
WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities
by Erik David Martin
WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion
by Erik David Martin
SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS
by LiquidWorm
Jenzabar < 9.2.2 - XSS
Jenzabar 9.2.x through 9.2.2 allows XSS via /ics?tool=search&query=.
by y0ung_dst
CVSS 6.1
SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution
by LiquidWorm
SmartFoxServer 2X 2.17.0 - Credentials Disclosure
by LiquidWorm
PhreeBooks 5.2.3 - Authenticated RCE
PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.
by Kr0ff
CVSS 8.8
LiteSpeed Web Server Enterprise 5.4.11 - Command Injection
LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path traversal and bash command injection.
by SunCSR
CVSS 8.8
Phpgurukul Car Rental Portal - Unrestricted File Upload
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.
by Jannick Tiger
CVSS 9.8
Pixelimity 1.0 - CSRF
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
by Noth
CVSS 6.8
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
by nu11secur1ty
CVSS 7.8
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
by West Shepherd
CVSS 7.8
Phpgurukul Student Record System - SQL Injection
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.
by Jannick Tiger
CVSS 8.8
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
by Marco Ivaldi
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
by Marco Ivaldi
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
by Marco Ivaldi
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
by Marco Ivaldi
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)
by Marco Ivaldi
Height8tech H8 Ssrms - IDOR
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality.
by Mohammed Farhan
CVSS 6.5
MyBB Delete Account Plugin 1.4 - XSS
MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons.
by 0xB9
CVSS 6.1
MyBB Trending Widget Plugin 1.2 - XSS
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.
by 0xB9
CVSS 6.1
MyBB Thread Redirect Plugin 0.2.1 - XSS
MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.
by 0xB9
CVSS 6.1