Exploitdb Exploits
50,186 exploits tracked across all sources.
10-Strike Network Inventory Explorer <8.65 - RCE
10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file with 209 bytes of padding and a specially constructed Structured Exception Handler to trigger code execution.
by Sectechs
CVSS 9.8
Multi Restaurant Table Reservation System - XSS
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php.
by yunaranyancat
CVSS 5.4
Multi Restaurant Table Reservation System - XSS
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php.
by yunaranyancat
CVSS 5.4
Multi Restaurant Table Reservation System - XSS
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php.
by yunaranyancat
CVSS 5.4
Multi Restaurant Table Reservation System - XSS
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php.
by yunaranyancat
CVSS 5.4
Pearson Vue Testing System - Incorrect Permission Assignment
The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application.
by Jok3r
CVSS 7.8
Multi Restaurant Table Reservation System - XSS
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.
by yunaranyancat
CVSS 5.4
EIP-2026-117325
EXPLOITDB
Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path
by Metin Yunus Kandemir
WordPress EventON <3.0.5 - XSS
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
by B3KC4T
CVSS 6.1
Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution
by Saeed Bala Ahmed
Pharmacy/Medical Store & Sale Point 1.0 - 'email' SQL Injection
by naivenom
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Matthew Aberegg
Online Shopping Alphaware 1.0 - Error Based SQL injection
by Moaaz Taha
Medical Center Portal Management System 1.0 - 'login' SQL Injection
by Aydın Baran Ertemir
Lepton-CMS 4.7.0 - XSS
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
by Sagar Banwa
CVSS 4.8
Joomla Component GMapFP <J3.5/J3.5free - Info Disclosure
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions.
by ThelastVvV
CVSS 7.5
Setelsa Conacwin 3.7.1.2 - Local File Inclusion
by Bryan Rodriguez Martin
YATinyWinFTP - DoS
YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash.
by strider
CVSS 9.8
Intelbras Router RF 301K <1.1.2 - Auth Bypass
Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configuration without authentication.
by Kaio Amaral
CVSS 7.5
ATX Minicmts200a Firmware < 2.0 - Path Traversal
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request.
by Zagros Bingol
CVSS 7.5
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
by Óscar Andreu
CVSS 9.8
Foxitsoftware Foxit Reader < 9.0.1.1049 - Use After Free
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.
by CrossWire
CVSS 8.8
Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting
by Ilca Lucian Florin
By Source