Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-103327 EXPLOITDB python
TerraMaster TOS 4.2.06 - RCE (Unauthenticated)
by IHTeam
CVE-2020-37240 EXPLOITDB MEDIUM text
Queue Management System 4.0.0 Stored XSS via Add User
Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which execute when viewing the User List page.
by Kislay Kumar
CVSS 6.4
CVE-2022-29380 EXPLOITDB MEDIUM text
Academy-LMS 4.3 - Stored Cross-Site Scripting in SEO Panel
Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.
by Vinicius Alves
CVSS 4.8
CVE-2020-25901 EXPLOITDB MEDIUM text
Spiceworks 7.5.7.0 - Open Redirect via Host Header Injection
Host header injection in Spiceworks 7.5.7.0 allows an attacker to render arbitrary links that point to a malicious website through webpages served with a poisoned Host header.
by Ramikan
CVSS 6.1
CVE-2020-25495 EXPLOITDB MEDIUM text
Xinuos OpenServer 5 and 6 - Reflected Cross-Site Scripting via Section Parameter
A reflected cross-site scripting (XSS) vulnerability in Xinuos (formerly SCO) OpenServer versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tags via the parameter 'section'.
by Ramikan
CVSS 6.1
CVE-2020-25494 EXPLOITDB CRITICAL text
Xinuos OpenServer 5-6 - OS Command Injection via printbook cgi-bin Parameters
Xinuos (formerly SCO) OpenServer v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in the outputform or toclevels parameter to cgi-bin/printbook.
by Ramikan
CVSS 9.8
EIP-2026-111389 EXPLOITDB text
Point of Sale System 1.0 - Multiple Stored XSS
by Saeed Bala Ahmed
CVE-2020-35151 EXPLOITDB HIGH text
Online Marriage Registration System 1.0 - SQL Injection
The POST parameter "searchdata" in the user/search.php request of Online Marriage Registration System 1.0 is vulnerable to time-based SQL injection.
by Raffaele Sabato
CVSS 8.8
EIP-2026-104451 EXPLOITDB text
Spotweb 1.4.9 - 'search' SQL Injection
by BouSalman
CVE-2020-20142 EXPLOITDB MEDIUM text
Flexmonster Pivot Table & Charts 2.7.17 - Cross-Site Scripting in To Remote CSV Component
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
CVE-2020-20141 EXPLOITDB MEDIUM text
Flexmonster Pivot Table & Charts 2.7.17 - Cross-Site Scripting in To OLAP (XMLA) Component
Cross Site Scripting (XSS) vulnerability in the "To OLAP (XMLA)" component under the "Connect" menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
CVE-2020-20140 EXPLOITDB MEDIUM text
Flexmonster Pivot Table & Charts 2.7.17 - Stored Cross-Site Scripting in Remote Report Open Menu
Cross Site Scripting (XSS) vulnerability in the "Remote Report" component under the "Open" menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
CVE-2020-20139 EXPLOITDB MEDIUM text
Flexmonster Pivot Table & Charts 2.7.17 - Cross-Site Scripting in Remote JSON Component
Cross Site Scripting (XSS) vulnerability in the "Remote JSON" component under the "Connect" menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
CVE-2020-36954 EXPLOITDB MEDIUM text
Xeroneit Library Management System 3.1 - XSS
Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded.
by Kislay Kumar
CVSS 6.4
CVE-2020-36946 EXPLOITDB HIGH python
SyncBreeze 10.0.28 - Denial of Service via Oversized Login Payload
SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability.
by Ahmed Elkhressy
CVSS 7.5
CVE-2020-36011 EXPLOITDB MEDIUM text
QDOCS Smart Hospital Management System 3.1 - Stored Cross-Site Scripting via Add Patient Form
A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.
by Kislay Kumar
CVSS 4.8
EIP-2026-113696 EXPLOITDB ruby VERIFIED
WordPress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)
by SunCSR Team
EIP-2026-111388 EXPLOITDB text
Point of Sale System 1.0 - Authentication Bypass
by Saeed Bala Ahmed
EIP-2026-105143 EXPLOITDB text
Alumni Management System 1.0 - Unrestricted File Upload To RCE
by Aakash Madaan
EIP-2026-105141 EXPLOITDB text
Alumni Management System 1.0 - 'id' SQL Injection
by Aakash Madaan
EIP-2026-105139 EXPLOITDB text
Alumni Management System 1.0 - 'Course Form' Stored XSS
by Aakash Madaan
CVE-2020-26887 EXPLOITDB HIGH text
FRITZ!Box 7490 Firmware < 7.21 - DNS Rebinding Protection Mechanism Bypass
FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.
by RedTeam Pentesting GmbH
CVSS 7.8
CVE-2020-35597 EXPLOITDB HIGH text
Victor CMS 1.0 - SQL Injection via c_id, p_id, u_id, and edit Parameters
Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.
by Furkan Göksel
CVSS 8.8
CVE-2020-35416 EXPLOITDB MEDIUM text
PHPJabbers Appointment Scheduler 2.3 - Cross-Site Scripting in Admin Login Page
Multiple cross-site scripting (XSS) vulnerabilities in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allow remote attackers to inject arbitrary web script or HTML.
by Andrea Intilangelo
CVSS 6.1
EIP-2026-110192 EXPLOITDB text
Online Tours & Travels Management System 1.0 - 'id' SQL Injection
by Saeed Bala Ahmed