Exploitdb Exploits
50,135 exploits tracked across all sources.
iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
by h4cks1n
Dirsearch 0.4.1 - Code Injection
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report.
by Dolev Farhi
CVSS 9.8
IObit Uninstaller 10 Pro - Privilege Escalation
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level permissions during service startup.
by Mayur Parmar
CVSS 7.8
WinAVR <20100110 - Privilege Escalation
WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory.
by Mohammed Alshehri
CVSS 8.8
Totalonlinesolutions Advanced Webhost Billing System - CSRF
Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery (CSRF) attacks that can delete a contact from the My Additional Contact page.
by Rahul Ramakant Singh
CVSS 4.3
Fujitsu Paperstream IP (twain) - Untrusted Search Path
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege.
by 1F98D
CVSS 7.8
WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting
by Mehmet Kelepçe
WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
by Nhat Ha
Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
by Arnav Tripathy
Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
by Kshitiz Raj
Responsive E-Learning System 1.0 - Stored Cross Site Scripting
by Kshitiz Raj
Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting
by Shivam Verma
Newgen eGov <12.0 - Info Disclosure
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
by ALI AL SINAN
CVSS 7.5
ipeak Infosystems ibexwebCMS <3.5 - SQL Injection
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page.
by MoeAlBarbari
CVSS 9.8
Gitea < 1.7.6 - Remote Code Execution
models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.
by 1F98D
CVSS 8.8
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
by 1F98D
CVSS 8.8
Cassandra Web 0.5.0 - Path Traversal
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Cassandra database credentials.
by Jeremy Brown
CVSS 7.5
Janobe Baby Care System - XSS
Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.
by Hardik Solanki
CVSS 5.4
Jkev Responsive E-learning System - SQL Injection
SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field.
by Kshitiz Raj
CVSS 9.8
Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Service Path
by Geovanni Ruiz
Td-agent-builder < 2020-12-18 - Incorrect Permission Assignment
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.
by Adrian Bondocea
CVSS 7.0
By Source