Exploitdb Exploits
50,076 exploits tracked across all sources.
System Explorer 7.0.0 - Privilege Escalation
An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via a specially crafted file in the SystemExplorerHelpService service executable path.
by Mohammed Alshehri
CVSS 7.8
Rumble Mail Server <0.51.3135 - XSS
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters.
by Mohammed Alshehri
CVSS 5.4
SeaCMS 11.1 - Stored Cross-Site Scripting via Checkuser Parameter
SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.
by j5s
CVSS 6.1
LibreNMS 1.46 - Authenticated SQL Injection
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.
by Hodorsec
CVSS 7.1
MiniWeb HTTP Server 0.8.19 - Denial of Service via Long POST Parameter Name
MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request.
by securityforeveryone.com
CVSS 7.5
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
by Fortunato Lodari
CVSS 7.5
Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)
by KeopssGroup0day_Inc
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
by Wadeek
Jenkins < 2.251 and LTS < 2.235.3 - Stored Cross-Site Scripting via Remote Build Trigger
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
by gx1
CVSS 5.4
Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation
by Maximilian Barz
Ignite Realtime Openfire 4.6.0 - Stored Cross-Site Scripting in DB Access Plugin
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
by j5s
CVSS 5.4
Ignite Realtime Openfire 4.6.0 - XSS
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
by j5s
CVSS 5.4
Ignite Realtime Openfire 4.6.0 - XSS
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
by j5s
CVSS 5.4
Courier Management System 1.0 - SQL Injection via MULTIPART street Parameter
Courier Management System 1.0 is affected by SQL Injection via 'MULTIPART street'.
by Zhaiyi
CVSS 6.5
Courier Management System 1.0 - Stored Cross-Site Scripting via First Name Field
Courier Management System 1.0 - 'First Name' Stored XSS
by Zhaiyi
CVSS 5.4
Courier Management System 1.0 - SQL Injection via ref_no Parameter
A SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php.
by Zhaiyi
CVSS 6.5
Supply Chain Management System - Auth Bypass SQL Injection
by Piyush Malviya
Rukovoditel 2.5.2 - Remote Code Execution via Language File Path Traversal
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.
by coiffeur
CVSS 9.8
Medical Center Portal Management System 1.0 - Multiple Stored XSS
by Saeed Bala Ahmed
Jenkins < 2.235.3 and < 2.251 - Stored Cross-Site Scripting via Help Icon Tooltip
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
by gx1
CVSS 5.4
Jenkins < 2.235.3 and < 2.251 - Stored Cross-Site Scripting in Project Naming Strategy Description
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
by gx1
CVSS 5.4
PDF Complete <3.5.310.2002 - Code Injection
PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
by Zaira Alquicira
CVSS 7.8