Exploitdb Exploits
50,193 exploits tracked across all sources.
Online Students Management System 1.0 - 'username' SQL Injections
by George Tsimpidas
MedDream PACS Server 6.8.3.751 - Remote Code Execution (Unauthenticated)
by bzyo
Cisco ASA/FTD - Path Traversal
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
by 3ndG4me
CVSS 7.5
openMAINT <1.1-2.4.2 - Command Injection
openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server.
by mrb3n
CVSS 8.8
DynPG 4.9.1 - XSS
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.
by Enes Özeser
CVSS 5.4
Kentico <12.0.50 - XSS
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.
by Ataberk YAVUZER
CVSS 5.4
SEOPanel <4.7.0 - RCE
A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function.
by Kiko Andreu
CVSS 8.8
D-Link DSR-250N <3.17B - DoS
An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes.
by RedTeam Pentesting GmbH
CVSS 5.5
BACnet Test Server <=1.01 - DoS
BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated attacker can send a malformed BVLC Length value to trigger an access violation and crash the application, resulting in a denial of service.
by LiquidWorm
Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting
by Alperen Ergel
Karel IP1211 - Path Traversal
A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted path traversal sequences. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
by berat isler
EasyPMS 1.0.0 - Auth Bypass
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without proper token authentication.
by Jok3r
CVSS 7.5
Titanhq Spamtitan - Command Injection
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.
by Felipe Molina
CVSS 9.8
MedDream PACS Server 6.8.3.751 - Authenticated RCE
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.
by bzyo
CVSS 8.8
Typesetter CMS <5.1 - XSS
Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy.
by Alperen Ergel
CVSS 4.8
Get-simple Getsimple Cms - XSS
GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page
by Roel van Beurden
CVSS 5.4
Cmsmadesimple Cms Made Simple - XSS
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.
by Roel van Beurden
CVSS 5.4
SpinetiX Fusion Digital Signage 3.4.8 - Info Disclosure
SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing the server's error responses.
by LiquidWorm
CVSS 5.3
SpinetiX Fusion Digital Signage <3.4.8 - Info Disclosure
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information.
by LiquidWorm
CVSS 7.5
SpinetiX Fusion Digital Signage 3.4.8 - CSRF
SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that automatically submits a form to create a new admin user with full system privileges when a logged-in user visits the page.
by LiquidWorm
CVSS 8.8
Sony IPELA Network Camera 1.82.01 - RCE
Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service.
by LiquidWorm
CVSS 9.8
BrightSign Digital Signage Diagnostic Web Server <8.2.26 - SSRF
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing the application to make arbitrary HTTP requests to internal network hosts.
by LiquidWorm
SpinetiX Fusion Digital Signage <3.4.8 - Path Traversal
SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to arbitrary locations and delete files by manipulating backup and file delete requests.
by LiquidWorm
CVSS 8.1
By Source