Exploitdb Exploits
50,186 exploits tracked across all sources.
Huawei HedEx Lite 200R006C00SPC005 - Path Traversal
by Vulnerability-Lab
Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution
by Saeed Bala Ahmed
Task Management System 1.0 - 'First Name and Last Name' Stored XSS
by Saeed Bala Ahmed
VestaCP 0.9.8-26 - 'backup' Information Disclosure
by Vulnerability-Lab
Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption
by Tess Sluyter
Online Bus Ticket Reservation - SQL Injection
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.
by Sakshi Sharma
CVSS 9.8
Employee Performance Evaluation System - XSS
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.
by Ritesh Gohil
CVSS 4.8
Microsoft GamingServices 2.47.10001.0 - 'GamingServices' Unquoted Service Path
by Ismael Nava
Phpgurukul Cyber Cafe Management System - XSS
Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.
by Pruthvi Nekkanti
CVSS 6.1
Rumble Mail Server 0.51.3135 - Buffer Overflow
An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path.
by Mohammed Alshehri
CVSS 7.8
Kite 1.2020.1119.0 - Code Injection
Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executables and escalate privileges on the system.
by Ismael Nava
CVSS 7.8
TapinRadio 2.13.7 - DoS
TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fields to cause the application to become unresponsive and require reinstallation.
by Ismael Nava
CVSS 7.5
Savsoft Quiz <5.0 - XSS
A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field.
by Dipak Panchal
CVSS 6.1
Dup Scout Enterprise 10.0.18 - 'online_registration' Remote Buffer Overflow
by 0rbz_
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
by 1F98D
CVSS 7.8
Testa Online Test Management System <3.4.7 - SQL Injection
Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious SQL code in the search field to extract database information, potentially accessing sensitive user or system data.
by Ultra Security Team
CVSS 8.2
Forma LMS 2.3 - XSS
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '<script>alert(document.cookie)</script>' to execute arbitrary JavaScript when the profile is viewed by other users.
by Hemant Patidar
CVSS 6.4
IDT PC Audio 1.0.6499.0 - Privilege Escalation
IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the STacSV service to inject malicious code that would execute with LocalSystem account permissions during service startup.
by Diego Cañada
CVSS 7.8
Phpscript-sgh 0.1.0 - SQL Injection
Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to extract sensitive database information through conditional sleep techniques.
by KeopssGroup0day_Inc
CVSS 8.2
Laravel Nova 3.7.0 - DoS
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.
by iqzer0
CVSS 6.5
Techkshetrainfo Savsoft Quiz - XSS
Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page).
by Dhruv Patel
CVSS 4.8
By Source