Exploitdb Exploits
50,135 exploits tracked across all sources.
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
by Photubias
CVSS 7.2
Presstigers Simple Board Job < 2.9.3 - Path Traversal
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.
by SunCSR Team
CVSS 7.7
Online Documents Sharing Platform 1.0 - 'user' SQL Injection
by CANKAT ÇAKMAK
Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting
by Matthew Aberegg
Apartment Visitors Management System 1.0 - 'email' SQL Injection
by CANKAT ÇAKMAK
Anchor CMS 0.12.7 - CSRF
A CSRF vulnerability exists in anchor/views/users/edit.php in Anchor CMS 0.12.7 that can be used to delete admin users.
by Ninad Mishra
CVSS 8.8
Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
by Richard Jones
Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS
by omurugur
Osticket < 1.14.3 - SSRF
SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning.
by Talat Mehmood
CVSS 9.8
Xwiki < 12.10.3 - XSS
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
by Karan Keswani
CVSS 5.4
Life Insurance Management System 1.0 - File Upload RCE (Authenticated)
by Aitor Herrero
Life Insurance Management System 1.0 - 'client_id' SQL Injection
by Aitor Herrero
E-Learning System 1.0 - SQL Injection
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.
by Himanshu Shukla
CVSS 9.8
Netsia SEBA+ <0.16.1 build 70-e669dcd7 - Info Disclosure
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and can then use that cookie immediately for admin access.
by AkkuS
CVSS 7.5
WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS)
by Rahul Ramakant Singh
Php-fusion Phpfusion - CSRF
PHPFusion version 9.03.90 is vulnerable to a CSRF attack that leads to deletion of all shoutbox messages by the attacker on behalf of the logged-in victim.
by Mohamed Oosman
CVSS 4.3
Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)
by Mesut Cetin
Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
by Mesut Cetin
Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
by Mesut Cetin
Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting
by Mesut Cetin
Alumni Management System 1.0 - 'Last Name' field in Registration page Stored XSS
by Siva Rajendran
EyesOfNetwork 5.3 - File Upload Remote Code Execution
by Audencia Business SCHOOL Red Team
Online Shopping Cart System 1.0 - 'id' SQL Injection
by Aydın Baran Ertemir