Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2020-36965 EXPLOITDB HIGH python VERIFIED
docPrint Pro 8.0 - Stack-based Buffer Overflow via Add URL Input Field
docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler (SEH) overwrite to execute shellcode and gain remote system access.
by MasterVlad
CVSS 8.4
CVE-2020-29470 EXPLOITDB MEDIUM text
OpenCart 3.0.3.6 - Stored Cross-Site Scripting in Mail Subject Field
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject an XSS payload in the Subject field of the mail; each time any user opens that mail on the website, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload.
by Hemant Patidar
CVSS 4.8
CVE-2020-29471 EXPLOITDB MEDIUM text
OpenCart 3.0.3.6 - Stored Cross-Site Scripting via Profile Image Upload
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload malicious JavaScript code as a profile image. Whenever anyone views the profile picture, the code executes and the XSS triggers.
by Hemant Patidar
CVSS 4.8
CVE-2020-29475 EXPLOITDB MEDIUM text
nopCommerce Store 4.30 - Stored Cross-Site Scripting in Schedule Tasks Name Field
nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject an XSS payload in Schedule tasks; each time any user goes to that page of the website, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload.
by Hemant Patidar
CVSS 4.8
CVE-2020-13951 EXPLOITDB HIGH text
Apache OpenMeetings 4.0.0-5.0.0 - Denial of Service via NetTest Web Service
Attackers can use the public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize a denial of service attack.
by SunCSR
CVSS 7.5
CVE-2019-12725 EXPLOITDB CRITICAL ruby VERIFIED
ZeroShell 3.9.0 - Unauthenticated Remote Command Execution via HTTP Parameter Injection
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
by Giuseppe Fuggiano
CVSS 9.8
EIP-2026-101988 EXPLOITDB text
Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)
by maj0rmil4d
EIP-2026-116918 EXPLOITDB python VERIFIED
Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)
by Luis Martínez
EIP-2026-113159 EXPLOITDB text
VTiger v7.0 CRM - 'To' Persistent XSS
by Vulnerability-Lab
CVE-2020-7934 EXPLOITDB MEDIUM text
Liferay Portal 7.1.0-7.2.1 GA2 - Stored Cross-Site Scripting in User Account Name Fields
In Liferay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1.
by 3ndG4me
CVSS 5.4
CVE-2020-24363 EXPLOITDB HIGH text
TP-Link TL-WA855RE V5 - Privilege Escalation
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.
by malwrforensics
CVSS 8.8
CVE-2020-36967 EXPLOITDB CRITICAL perl
Zortam Mp3 Media Studio 27.60 - RCE
Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SEH) overwrite and execute arbitrary commands on the target system.
by Vincent Wolterman
CVSS 9.8
EIP-2026-117300 EXPLOITDB python
IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - 'id' Field Stack Based Buffer Overflow
by Paolo Stagno
EIP-2026-117192 EXPLOITDB ruby VERIFIED
Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)
by ZwX
EIP-2026-116919 EXPLOITDB python VERIFIED
Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit
by stresser
CVE-2020-29233 EXPLOITDB MEDIUM text VERIFIED
WonderCMS 3.1.3 - Stored Cross-Site Scripting in Page Description
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject an XSS payload in the Page description; each time any user visits the website, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
by Hemant Patidar
CVSS 5.4
CVE-2020-37234 EXPLOITDB MEDIUM perl
Internet Download Manager 6.38.12 Scheduler Buffer Overflow
Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data exceeding 5000 bytes into the 'Open the following file when done' field to trigger a denial of service condition.
by Vincent Wolterman
CVSS 6.2
CVE-2020-36969 EXPLOITDB HIGH python
M/Monit 3.7.4 - Privilege Escalation
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.
by Dolev Farhi
CVSS 8.8
CVE-2020-36968 EXPLOITDB MEDIUM python
M/Monit 3.7.4 - Authenticated Password Hash Exposure via Admin API Endpoints
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.
by Dolev Farhi
CVSS 6.5
CVE-2020-15929 EXPLOITDB CRITICAL text
Ortus TestBox 2.4.0-4.1.0 - Remote Code Execution via HTMLRunner.cfm Query Parameters
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
by Darren King
CVSS 9.8
CVE-2020-15928 EXPLOITDB MEDIUM text
Ortus TestBox 2.4.0-4.1.0 - Path Traversal via test-browser/index.cfm Query Parameters
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
by Darren King
CVSS 5.3
EIP-2026-114698 EXPLOITDB python
Gitlab 12.9.0 - Arbitrary File Read (Authenticated)
by Jasper Rasenberg
CVE-2020-28091 EXPLOITDB HIGH text
cxuucms v3 - SQL Injection via search.php Keywords Parameter
cxuucms v3 has a SQL injection vulnerability in the keywords parameter of search.php, which can lead to the leakage of all database data.
by icekam
CVSS 7.5
CVE-2020-28092 EXPLOITDB MEDIUM text
PESCMS Team 2.3.2 - Reflected Cross-Site Scripting via ID Parameter
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter: ?g=Team&m=Task&a=my&status=3&id=, ?g=Team&m=Task&a=my&status=0&id=, ?g=Team&m=Task&a=my&status=1&id=, ?g=Team&m=Task&a=my&status=10&id=
by icekam
CVSS 6.1
EIP-2026-104348 EXPLOITDB text
Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting
by Emre ÖVÜNÇ