Exploitdb Exploits
50,135 exploits tracked across all sources.
WordPress Plugin WP-PostRatings 1.86 - 'postratings_image' Cross-Site Scripting
by Park Won Seok
WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload
by spacehen
Apartment Visitors Management System 1.0 - Authentication Bypass
by Kshitiz Raj
WordPress Epsilon Framework Multiple Themes - Unauthenticated Function Injection
by gx1
Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS
by Vijay Sachdeva
Online Learning Management System 1.0 - Multiple Stored XSS
by Aakash Madaan
Online Learning Management System 1.0 - Authentication Bypass
by Aakash Madaan
Online Learning Management System 1.0 - 'id' SQL Injection
by Aakash Madaan
Terra-master Terramaster Operating System - OS Command Injection
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
by AkkuS
CVSS 9.8
Victor CMS 1.0 - RCE
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.
by Mosaaed
CVSS 8.8
Cse Bookstore - SQL Injection
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in the pubid parameter in bookPerPub.php and in cart.php. Successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.
by Musyoka Ian
CVSS 9.8
10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH)
by Florian Gassner
WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Metasploit)
by SunCSR Team
Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)
by Matthew Aberegg
Multi Branch School Management System 3.5 - _Create Branch_ Stored XSS
by Kislay Kumar
Library Management System 3.0 - _Add Category_ Stored XSS
by Kislay Kumar
Artworks Gallery Management System 1.0 - 'id' SQL Injection
by Vijay Sachdeva
Webmin < 1.962 - OS Command Injection
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
by AkkuS
CVSS 8.8
Academy-LMS v4.3 - XSS
Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.
by Vinicius Alves
CVSS 4.8
Spiceworks - Open Redirect
Host header injection in Spiceworks 7.5.7.0 allows an attacker to make pages render arbitrary links that point to a malicious website by poisoning the Host header.
by Ramikan
CVSS 6.1
Xinuos Openserver - XSS
A reflected cross-site scripting (XSS) vulnerability in Xinuos (formerly SCO) Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tags via the 'section' parameter.
by Ramikan
CVSS 6.1