Exploitdb Exploits

50,193 exploits tracked across all sources.

EIP-2026-106037 EXPLOITDB python
CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)
by Fatih Çelik
EIP-2026-100641 EXPLOITDB text
BlogEngine 3.3.8 - 'Content' Stored XSS
by Andrey Stoykov
CVE-2020-36920 EXPLOITDB HIGH text
iDS6 DSSPro Digital Signage System 6.2 - Privilege Escalation
iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiting insecure direct object references.
by LiquidWorm
CVSS 8.8
CVE-2020-36918 EXPLOITDB MEDIUM text
iDS6 DSSPro Digital Signage System 6.2 - CSRF
iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the lack of CSRF protections.
by LiquidWorm
CVSS 4.3
CVE-2020-13152 EXPLOITDB MEDIUM perl
Amarok 2.8.0 - Memory Corruption
A remote user can create a specially crafted M3U media playlist file that, when loaded by the target user, triggers a memory leak, whereby Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a denial of service.
by FishballAndMeatball
CVSS 5.5
EIP-2026-101799 EXPLOITDB text
iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass
by LiquidWorm
CVE-2017-13772 EXPLOITDB HIGH python
Tp-link Wr940n Firmware - Memory Corruption
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.
by Patrik Lantz
CVSS 8.8
CVE-2020-36973 EXPLOITDB MEDIUM text
PDW File Browser 1.3 - RCE
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.
by David Bimmel
CVSS 6.5
EIP-2026-112448 EXPLOITDB python
Student Attendance Management System 1.0 - 'username' SQL Injection / Remote Code Execution
by Mosaaed
EIP-2026-111930 EXPLOITDB python
School Log Management System 1.0 - 'username' SQL Injection / Remote Code Execution
by Mosaaed
EIP-2026-111516 EXPLOITDB text
Processwire CMS 2.4.0 - 'download' Local File Inclusion
by Y1LD1R1M
CVE-2020-29284 EXPLOITDB CRITICAL text
Multi Restaurant Table Reservation System 1.0 - Unauthenticated SQL...
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
by yunaranyancat
CVSS 9.8
EIP-2026-106111 EXPLOITDB text
Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution
by Mosaaed
CVE-2020-36983 EXPLOITDB HIGH text
Quick 'n Easy FTP Service 3.2 - RCE
Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart.
by yunaranyancat
CVSS 7.8
CVE-2020-28872 EXPLOITDB CRITICAL python VERIFIED
Monitorr - Incorrect Authorization
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.
by Lyhin's Lab
CVSS 9.8
CVE-2020-28871 EXPLOITDB CRITICAL python VERIFIED
Monitorr - Unrestricted File Upload
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
by Lyhin's Lab
CVSS 9.8
CVE-2020-14425 EXPLOITDB HIGH VERIFIED
Foxit Reader <10.0 - RCE
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavaScript API. An attacker can execute local files and bypass the security dialog.
by Nassim Asrir
CVSS 7.8
EIP-2026-114049 EXPLOITDB python
WordPress Plugin Simple File List 4.2.2 - Arbitrary File Upload
by H4rk3nz0
EIP-2026-102354 EXPLOITDB python
Apache Flink 1.9.x - File Upload RCE (Unauthenticated)
by bigger.wing
EIP-2026-112081 EXPLOITDB python
Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution
by yunaranyancat
EIP-2026-110126 EXPLOITDB text
Online Job Portal 1.0 - 'userid' SQL Injection
by Akıner Kısa
CVE-2020-27533 EXPLOITDB MEDIUM text
DedeCMS <5.8 - XSS
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.
by Noth
CVSS 5.4
EIP-2026-106253 EXPLOITDB text
CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting
by Vyshnav nk
EIP-2026-104201 EXPLOITDB python
Citadel WebCit < 926 - Session Hijacking Exploit
by Simone Quatrini
CVE-2020-28137 EXPLOITDB MEDIUM text
Genexis Platinum 4410 Firmware - CSRF
Cross-site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28 allows attackers to cause a denial of service by continuously restarting the router.
by Mohammed Farhan
CVSS 6.5