Exploitdb Exploits
50,186 exploits tracked across all sources.
Corephp Pago Commerce - SQL Injection
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.
by Mehmet Kelepçe
CVSS 8.8
Rapid7 Nexpose Installer 6.6.39 - 'nexposeengine' Unquoted Service Path
by LiquidWorm
Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path
by Jok3r
RAD SecFlow-1v os-image SF_0290_2.3.01.26 - CSRF
A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260.
by Jonatan Schor
CVSS 8.8
RAD SecFlow-1v - Authenticated XSS
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259.
by Jonatan Schor
CVSS 6.1
Tea LaTex 1.0 - RCE
Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API action.
by nepska
CVSS 9.8
Gnome Fonts Viewer 3.34.0 - Memory Corruption
Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to cause an infinite malloc() loop and potentially crash the gnome-font-viewer process.
by Cody Winkler
CVSS 7.5
Vtenext - CSRF
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
by Marco Ruela
CVSS 8.8
Vtenext - Unrestricted File Upload
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
by Marco Ruela
CVSS 8.8
Vtenext - XSS
A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email.
by Marco Ruela
CVSS 6.1
CutePHP CuteNews 2.1.2 - Code Injection
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
by Musyoka Ian
CVSS 8.8
ZTE F6x2w Firmware - Information Disclosure
Versions V6.0.10P2T2 and V6.0.10P2T5 of the F6x2W product are affected by an information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.
by Hritik Vijay
CVSS 5.3
Audio Playback Recorder 3.2.2 - Buffer Overflow
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) to execute shellcode when pasting specially crafted input into the application's input fields.
by Felipe Winsnes
CVSS 8.4
Input Director 1.4.3 - Privilege Escalation
Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.
by TOUHAMI Kasbaoui
CVSS 7.8
Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery (change admin password)
by V1n1v131r4
ShareMouse 5.0.43 - Privilege Escalation
ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain elevated access during service startup.
by alacerda
CVSS 7.8
Arachnys Cabot < 0.11.16 - XSS
All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.
by Abhiram V
CVSS 8.2
Arachnys Cabot - XSS
Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column.
by Abhiram V
CVSS 4.8
Grocy <= 2.7.1 - XSS
Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, which is rendered upon deleting that Shopping List. The issue was also found in users, batteries, chores, equipment, locations, quantity units, shopping locations, tasks, taskcategories, product groups, recipes and products. Authentication is required to exploit these issues and Grocy should not be publicly exposed. The linked reference details a proof-of-concept.
by Mufaddal Masalawala
CVSS 7.3
Zohocorp Manageengine Applications Manager - Unrestricted File Upload
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
by Hodorsec
CVSS 7.2
Nord VPN 6.31.13.0 - Code Injection
Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with LocalSystem permissions.
by chipo
CVSS 7.8
Real Time Logic BarracudaDrive <6.5 - Privilege Escalation
Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem.
by boku
CVSS 8.8
Sourcecodetester Daily Tracker System 1.0 - SQL Injection
A SQL injection vulnerability in the login of Sourcecodetester Daily Tracker System 1.0 allows an unauthenticated user to bypass authentication via SQL injection in the email parameter.
by Adeeb Shah
CVSS 9.8