Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2021-43460 EXPLOITDB HIGH text
System Explorer 7.0.0 - Privilege Escalation
An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via a specially crafted file in the SystemExplorerHelpService service executable path.
by Mohammed Alshehri
CVSS 7.8
CVE-2021-43459 EXPLOITDB MEDIUM text
Rumble Mail Server <0.51.3135 - XSS
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters.
by Mohammed Alshehri
CVSS 5.4
CVE-2020-36932 EXPLOITDB MEDIUM text
SeaCMS 11.1 - Stored Cross-Site Scripting via Checkuser Parameter
SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.
by j5s
CVSS 6.1
CVE-2020-36947 EXPLOITDB HIGH python
LibreNMS 1.46 - Authenticated SQL Injection
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.
by Hodorsec
CVSS 7.1
CVE-2020-29596 EXPLOITDB HIGH python
MiniWeb HTTP Server 0.8.19 - Denial of Service via Long POST Parameter Name
MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request.
by securityforeveryone.com
CVSS 7.5
CVE-2018-19585 EXPLOITDB HIGH python
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
by Fortunato Lodari
CVSS 7.5
EIP-2026-111815 EXPLOITDB text
Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)
by KeopssGroup0day_Inc
EIP-2026-104498 EXPLOITDB text
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
by Wadeek
EIP-2026-104424 EXPLOITDB text
Seacms 11.1 - 'ip and weburl' Remote Command Execution
by j5s
EIP-2026-104423 EXPLOITDB text
Seacms 11.1 - 'file' Local File Inclusion
by j5s
CVE-2020-2231 EXPLOITDB MEDIUM text
Jenkins < 2.251 and LTS < 2.235.3 - Stored Cross-Site Scripting via Remote Build Trigger
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
by gx1
CVSS 5.4
EIP-2026-101840 EXPLOITDB python
Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation
by Maximilian Barz
CVE-2020-35202 EXPLOITDB MEDIUM text
Ignite Realtime Openfire 4.6.0 - Stored Cross-Site Scripting in DB Access Plugin
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
by j5s
CVSS 5.4
CVE-2020-35201 EXPLOITDB MEDIUM text
Ignite Realtime Openfire 4.6.0 - XSS
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
by j5s
CVSS 5.4
CVE-2020-35199 EXPLOITDB MEDIUM text
Ignite Realtime Openfire 4.6.0 - XSS
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
by j5s
CVSS 5.4
CVE-2020-35329 EXPLOITDB MEDIUM text
Courier Management System 1.0 - SQL Injection via MULTIPART street Parameter
Courier Management System 1.0 is affected by SQL Injection via 'MULTIPART street '.
by Zhaiyi
CVSS 6.5
CVE-2020-35328 EXPLOITDB MEDIUM text
Courier Management System 1.0 - Stored Cross-Site Scripting via First Name Field
Courier Management System 1.0 - 'First Name' Stored XSS
by Zhaiyi
CVSS 5.4
CVE-2020-35327 EXPLOITDB MEDIUM text
Courier Management System 1.0 - SQL Injection via ref_no Parameter
A SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php.
by Zhaiyi
CVSS 6.5
EIP-2026-112493 EXPLOITDB text
Supply Chain Management System - Auth Bypass SQL Injection
by Piyush Malviya
CVE-2020-11819 EXPLOITDB CRITICAL bash
Rukovoditel 2.5.2 - Remote Code Execution via Language File Path Traversal
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.
by coiffeur
CVSS 9.8
EIP-2026-109391 EXPLOITDB text
Medical Center Portal Management System 1.0 - Multiple Stored XSS
by Saeed Bala Ahmed
EIP-2026-106514 EXPLOITDB python
Dolibarr 12.0.3 - SQLi to RCE
by coiffeur
CVE-2020-2229 EXPLOITDB MEDIUM text
Jenkins < 2.235.3 and < 2.251 - Stored Cross-Site Scripting via Help Icon Tooltip
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
by gx1
CVSS 5.4
CVE-2020-2230 EXPLOITDB MEDIUM text
Jenkins < 2.235.3 and < 2.251 - Stored Cross-Site Scripting in Project Naming Strategy Description
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
by gx1
CVSS 5.4
CVE-2020-36957 EXPLOITDB HIGH text
PDF Complete <3.5.310.2002 - Code Injection
PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
by Zaira Alquicira
CVSS 7.8