Exploitdb Exploits
50,076 exploits tracked across all sources.
Apache Flink JobManager Traversal
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
by SunCSR Team
CVSS 7.5
EVOLUCARE ECSIMAGING < 6.21.5 - SQL Injection via Login and Password Reset Forms
EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer
by shoxxdj
CVSS 9.8
Cockpit < 0.6.1 - Remote Code Execution via registerCriteriaFunction
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
by Rafael Resende
CVSS 9.8
Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution
by Saeed Bala Ahmed
iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
by h4cks1n
WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS
WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at options.php that execute in the browsers of administrators viewing the settings page.
by Mehmet Kelepçe
CVSS 6.4
dirsearch 0.4.1 - CSV Injection via Redirect Endpoint Path
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report.
by Dolev Farhi
CVSS 9.8
IObit Uninstaller 10 Pro - Privilege Escalation
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level permissions during service startup.
by Mayur Parmar
CVSS 7.8
WinAVR <20100110 - Privilege Escalation
WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory.
by Mohammed Alshehri
CVSS 8.8
Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery via My Additional Contact Page
Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery (CSRF) attacks that can delete a contact from the My Additional Contact page.
by Rahul Ramakant Singh
CVSS 4.3
PaperStream IP (TWAIN) 1.42.0.5685 - Unauthenticated Local Privilege Escalation via Untrusted Search Path
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege.
by 1F98D
CVSS 7.8
WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
by Nhat Ha
Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
by Arnav Tripathy
Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
by Kshitiz Raj
Responsive E-Learning System 1.0 - Stored Cross Site Scripting
by Kshitiz Raj
Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting
by Shivam Verma
Newgen eGov <12.0 - Info Disclosure
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
by ALI AL SINAN
CVSS 7.5
ipeak Infosystems ibexwebCMS <3.5 - SQL Injection
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page.
by MoeAlBarbari
CVSS 9.8
Gitea < 1.7.6 and 1.8.x < 1.8-RC3 - Remote Code Execution via Mirror Repository URL Mishandling
models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.
by 1F98D
CVSS 8.8
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
by 1F98D
CVSS 8.8
WordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code
WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[currency_code] parameter. Attackers can submit POST requests to /wp-admin/options.php with script payloads in the currency_code field to execute arbitrary JavaScript in administrator browsers when settings are viewed.
by Park Won Seok
CVSS 6.4
By Source