Exploitdb Exploits
50,076 exploits tracked across all sources.
ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)
by Mufaddal Masalawala
Artworks Gallery 1.0 - Unauthenticated Arbitrary File Upload via Edit Profile
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
by Shahrukh Iqbal Mirza
CVSS 8.8
Artworks Gallery 1.0 - Unauthenticated Arbitrary File Upload via Add Artwork
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
by Shahrukh Iqbal Mirza
CVSS 8.8
Mitel ICP VoIP 3100 - Info Disclosure
An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote user attempts to log in via TELNET during the login wait time and an external call comes in, the system incorrectly divulges information about the call and any SMDR records generated by the system. The information provided includes the service type, extension number and other parameters related to the call activity.
by Andrea Intilangelo
CVSS 5.6
Acer Global Registration Service 1.0.0.3 - Code Injection
Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Acer\Registration\ to inject malicious executables that would run with elevated LocalSystem privileges during service startup.
by Emmanuel Lujan
CVSS 7.8
EPSON Status Monitor 3 8.0 - Unquoted Service Path Privilege Escalation via E_S60RPB.EXE
EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE' to inject malicious executables and escalate privileges.
by SamAlucard
CVSS 7.8
Tendenci 12.3.1 - CSV Formula Injection via Contact Form Message Field
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.
by Mufaddal Masalawala
CVSS 9.8
10-Strike Network Inventory Explorer <8.65 - RCE
10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file with 209 bytes of padding and a specially constructed Structured Exception Handler to trigger code execution.
by Sectechs
CVSS 9.8
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Area Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php.
by yunaranyancat
CVSS 5.4
Multi Restaurant Table Reservation System 1.0 - Cross-Site Scripting via Made Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php.
by yunaranyancat
CVSS 5.4
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Item Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php.
by yunaranyancat
CVSS 5.4
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Table Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php.
by yunaranyancat
CVSS 5.4
Pearson VUE Testing System 2.3.1911 - Unauthenticated Privilege Escalation via Directory Permissions
The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application.
by Jok3r
CVSS 7.8
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Restaurant Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.
by yunaranyancat
CVSS 5.4
Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path
by Metin Yunus Kandemir
EventON < 3.0.5 - Cross-Site Scripting via Search Field
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
by B3KC4T
CVSS 6.1
Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution
by Saeed Bala Ahmed
Pharmacy/Medical Store & Sale Point 1.0 - 'email' SQL Injection
by naivenom
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Matthew Aberegg
Online Shopping Alphaware 1.0 - Error Based SQL injection
by Moaaz Taha
Medical Center Portal Management System 1.0 - 'login' SQL Injection
by Aydın Baran Ertemir
Lepton-CMS 4.7.0 - Stored Cross-Site Scripting via Admin URL Field
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page, and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
by Sagar Banwa
CVSS 4.8