Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-36902 EXPLOITDB CRITICAL text
UBICOD Medivision Digital Signage 1.5.1 - Auth Bypass
UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication.
by LiquidWorm
CVSS 9.8
EIP-2026-117917 EXPLOITDB python
Snes9K 0.09z - 'Port Number' Buffer Overflow (SEH)
by MasterVlad
CVE-2019-25232 EXPLOITDB CRITICAL python
NetPCLinker 1.0.0.0 - Buffer Overflow
NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in the DNS/IP input to overwrite SEH handlers and execute shellcode when adding a new client.
by Saeed reza Zamanian
CVSS 9.8
CVE-2020-15364 EXPLOITDB MEDIUM text
nexos < 1.7 - Cross-Site Scripting via search_location Parameter
The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS.
by Vlad Vector
CVSS 6.1
EIP-2026-104447 EXPLOITDB python
Sophos VPN Web Panel 2020 - Denial of Service (Poc)
by Berk KIRAS
CVE-2020-7680 EXPLOITDB MEDIUM text
docsify < 4.11.4 - Cross-Site Scripting via Fragment Identifier
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page.
by Amin Sharifi
CVSS 6.1
CVE-2020-37031 EXPLOITDB HIGH python
Simple Startup Manager 1.17 - Buffer Overflow
Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft a malicious payload with 268 bytes to trigger code execution, bypassing DEP and overwriting memory addresses to launch calc.exe.
by PovlTekstTV
CVSS 8.4
CVE-2020-37020 EXPLOITDB HIGH text
SonarQube 8.3.1 - Privilege Escalation
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges during service restart.
by Velayutham Selvaraj
CVSS 7.8
CVE-2020-15600 EXPLOITDB MEDIUM text
CMSUno < 1.6.1 - Cross-Site Request Forgery via Admin Password Change
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
by Noth
CVSS 6.5
CVE-2020-37032 EXPLOITDB HIGH text
Wing FTP Server 6.3.8 - Authenticated Remote Code Execution via Lua Web Console os.execute()
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function.
by V1n1v131r4
CVSS 8.8
CVE-2020-37226 EXPLOITDB HIGH text
Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby
Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract sensitive database information using automated tools.
by Mehmet Kelepçe
CVSS 7.1
CVE-2020-37033 EXPLOITDB HIGH text
Infor Storefront B2B 1.0 - SQL Injection
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potentially extract or modify database information.
by ratboy
CVSS 8.2
EIP-2026-113205 EXPLOITDB text
Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass
by KeopssGroup0day_Inc
EIP-2026-110155 EXPLOITDB text
Online Polling System 1.0 - Authentication Bypass
by AppleBois
EIP-2026-110101 EXPLOITDB text
Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting
by KeopssGroup0day_Inc
CVE-2020-14461 EXPLOITDB HIGH text
Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 - Path Traversal via images/eaZy/ URI
Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.
by Rajivarnan R
CVSS 8.6
CVE-2020-15046 EXPLOITDB HIGH text
Supermicro X10DRH-iT BIOS 2.0a and IPMI Firmware 03.40 - Cross-Site Request Forgery via cgi/config_user.cgi
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.
by Metin Yunus Kandemir
CVSS 8.8
CVE-2020-8605 EXPLOITDB HIGH ruby
Trend Micro InterScan Web Security Virtual Appliance 6.5 - RCE
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.
by Mehmet Ince
CVSS 8.8
CVE-2020-14946 EXPLOITDB MEDIUM text
Global RADAR BSA Radar <1.6.7234.24750 - Info Disclosure
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files.
by William Summerhill
CVSS 4.3
EIP-2026-110480 EXPLOITDB text
Park Ticketing Management System 1.0 - Authentication Bypass
by gh1mau
EIP-2026-110479 EXPLOITDB text VERIFIED
Park Ticketing Management System 1.0 - 'viewid' SQL Injection
by gh1mau
CVE-2020-37034 EXPLOITDB HIGH text
HelloWeb 2.0 - Path Traversal and Arbitrary File Download via download.asp
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files.
by bRpsd
CVSS 7.5
EIP-2026-105391 EXPLOITDB text
Barangay Management System 1.0 - Authentication Bypass
by BKpatron
CVE-2020-7115 EXPLOITDB CRITICAL bash
ClearPass Policy Manager 6.7.0-6.7.12 - Unauthenticated Remote Command Execution via Authentication Bypass
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
by SpicyItalian
CVSS 9.8
CVE-2020-37225 EXPLOITDB MEDIUM text
Powie's WHOIS Domain Check 0.9.31 Persistent Cross-Site Scripting
Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in the pwhois_settings.php configuration page to execute JavaScript in the admin context and escalate privileges.
by mqt
CVSS 6.4