Exploitdb Exploits
50,076 exploits tracked across all sources.
WordPress Plugin WP-Paginate 2.1.3 Stored XSS via preset
WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter that are stored and executed when administrators view the settings.
by Park Won Seok
CVSS 6.4
Cassandra Web 0.5.0 - Path Traversal
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Cassandra database credentials.
by Jeremy Brown
CVSS 7.5
Baby Care System 1.0 - Stored Cross-Site Scripting via Post Title Parameter
Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.
by Hardik Solanki
CVSS 5.4
SourceCodester Responsive E-Learning System 1.0 - SQL Injection via id Parameter
SQL injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject SQL queries through the id parameter of /elearning/delete_teacher_students.php?id=.
by Kshitiz Raj
CVSS 9.8
Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Service Path
by Geovanni Ruiz
td-agent-builder < 2020-12-18 - Privilege Escalation via Writable bin Directory
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.
by Adrian Bondocea
CVSS 7.0
Resumes Management and Job Application Website 1.0 - Authentication Bypass
by Kshitiz Raj
Responsive FileManager 9.13.4 - 'path' Path Traversal
by Sun* Cyber Security Research Team
Online Learning Management System 1.0 - RCE (Authenticated)
by Bedri Sertkaya
klog_server 2.4.1 - OS Command Injection via User Parameter
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
by B3KC4T
CVSS 9.8
IncomCMS 2.0 - Unauthenticated Unrestricted File Upload via modules/uploader/showcase/script.php
IncomCMS 2.0 contains an insecure file upload vulnerability in modules/uploader/showcase/script.php. This vulnerability allows unauthenticated attackers to upload files to the server.
by MoeAlBarbari
CVSS 9.8
HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities
by Jeremy Brown
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Persistent Cross-Site Scripting
by Mesut Cetin
Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated)
by Jeremy Brown
Click2Magic 1.1.5 - Stored Cross-Site Scripting via Chat Name Input
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests.
by Shivam Verma
CVSS 6.4
MiniTool ShadowMaker 3.2 - Local Privilege Escalation
MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and escalate privileges.
by Thalia Nieto
CVSS 7.8
Knockpy 4.1.1 - CSV Injection via Server Header Manipulation
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet applications.
by Dolev Farhi
CVSS 9.8
Easy CD & DVD Cover Creator 4.13 - Buffer Overflow
Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the serial number field to trigger an application crash.
by stresser
CVSS 9.8
4images 1.7.11 - Stored Cross-Site Scripting via Image URL
4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. An attacker can inject an XSS payload into the Image URL; each time a user visits that URL, the XSS triggers and the attacker may be able to steal the cookie, depending on the crafted payload.
by Ritesh Gohil
CVSS 4.8
Arteco Web Client DVR/NVR - Auth Bypass
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.
by LiquidWorm
CVSS 9.8
WordPress < 5.2.3 - Authenticated Cross-Site Scripting in Post Preview
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
by gx1
CVSS 5.4
Subrion CMS 4.2.1 - Cross-Site Scripting via Avatar Path Parameter
Subrion CMS 4.2.1 is affected by cross-site scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
by icekam
CVSS 6.1
sar2html 3.2.1 - 'plot' Remote Code Execution
by Musyoka Ian