Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-47982 EXPLOITDB MEDIUM text
WordPress Plugin WP-Paginate 2.1.3 Stored XSS via preset
WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter that are stored and executed when administrators view the settings.
by Park Won Seok
CVSS 6.4
CVE-2020-36939 EXPLOITDB HIGH python
Cassandra Web 0.5.0 - Path Traversal
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Cassandra database credentials.
by Jeremy Brown
CVSS 7.5
CVE-2020-35752 EXPLOITDB MEDIUM text
Baby Care System 1.0 - Stored Cross-Site Scripting via Post Title Parameter
Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.
by Hardik Solanki
CVSS 5.4
CVE-2020-36084 EXPLOITDB CRITICAL text
SourceCodester Responsive E-Learning System 1.0 - SQL Injection via id Parameter
SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field.
by Kshitiz Raj
CVSS 9.8
EIP-2026-117328 EXPLOITDB text
Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Service Path
by Geovanni Ruiz
CVE-2020-28169 EXPLOITDB HIGH text
td-agent-builder < 2020-12-18 - Privilege Escalation via Writable bin Directory
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.
by Adrian Bondocea
CVSS 7.0
EIP-2026-111759 EXPLOITDB text
Resumes Management and Job Application Website 1.0 - Authentication Bypass
by Kshitiz Raj
EIP-2026-111748 EXPLOITDB python
Responsive FileManager 9.13.4 - 'path' Path Traversal
by Sun* Cyber Security Research Team
EIP-2026-110147 EXPLOITDB text
Online Movie Streaming 1.0 - Authentication Bypass
by Kshitiz Raj
EIP-2026-110134 EXPLOITDB python
Online Learning Management System 1.0 - RCE (Authenticated)
by Bedri Sertkaya
CVE-2020-35729 EXPLOITDB CRITICAL python VERIFIED
klog_server 2.4.1 - OS Command Injection via User Parameter
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
by B3KC4T
CVSS 9.8
EIP-2026-106261 EXPLOITDB text
CSZ CMS 1.2.9 - Multiple Cross-Site Scripting
by SunCSR
CVE-2020-29597 EXPLOITDB CRITICAL html
IncomCMS 2.0 - Unauthenticated Unrestricted File Upload via modules/uploader/showcase/script.php
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
by MoeAlBarbari
CVSS 9.8
EIP-2026-104276 EXPLOITDB python
HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities
by Jeremy Brown
EIP-2026-104231 EXPLOITDB text
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Persistent Cross-Site Scripting
by Mesut Cetin
EIP-2026-103346 EXPLOITDB python
Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated)
by Jeremy Brown
CVE-2020-36931 EXPLOITDB MEDIUM text
Click2Magic 1.1.5 - Stored Cross-Site Scripting via Chat Name Input
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests.
by Shivam Verma
CVSS 6.4
CVE-2020-36953 EXPLOITDB HIGH text
MiniTool ShadowMaker 3.2 - Local Privilege Escalation
MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and escalate privileges.
by Thalia Nieto
CVSS 7.8
CVE-2020-36941 EXPLOITDB CRITICAL text
Knockpy 4.1.1 - CSV Injection via Server Header Manipulation
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet applications.
by Dolev Farhi
CVSS 9.8
CVE-2020-36940 EXPLOITDB CRITICAL python
Easy CD & DVD Cover Creator 4.13 - Buffer Overflow
Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the serial number field to trigger an application crash.
by stresser
CVSS 9.8
CVE-2020-35853 EXPLOITDB MEDIUM text
4images 1.7.11 - Stored Cross-Site Scripting via Image URL
4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can result in an attacker to inject the XSS payload into the IMAGE URL. Each time a user visits that URL, the XSS triggers and the attacker can be able to steal the cookie according to the crafted payload.
by Ritesh Gohil
CVSS 4.8
CVE-2020-36925 EXPLOITDB CRITICAL python
Arteco Web Client DVR/NVR - Auth Bypass
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.
by LiquidWorm
CVSS 9.8
CVE-2019-16223 EXPLOITDB MEDIUM text
WordPress < 5.2.3 - Authenticated Cross-Site Scripting in Post Preview
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
by gx1
CVSS 5.4
CVE-2020-35437 EXPLOITDB MEDIUM text
Subrion CMS 4.2.1 - Cross-Site Scripting via Avatar Path Parameter
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
by icekam
CVSS 6.1
EIP-2026-111895 EXPLOITDB python VERIFIED
sar2html 3.2.1 - 'plot' Remote Code Execution
by Musyoka Ian