Exploitdb Exploits
50,076 exploits tracked across all sources.
Victor CMS < 2019-02-28 - Cross-Site Scripting via Register User Firstname or Lastname Field
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
by Anushree Priyadarshini
CVSS 6.1
Reside Property Management 3.0 - 'profile' SQL Injection
by Behzad Khalifeh
Windscribe 1.83 - 'WindscribeService' Unquoted Service Path
by Ethan Seow
KiteService 1.2020.618.0 - Unquoted Service Path
by Marcos Antonio León
mySCADA myPRO 7 - Use of Hard-coded Credentials in myscadagate.exe
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
by Emre ÖVÜNÇ
CVSS 9.1
Global RADAR BSA Radar <1.6.7234.24750 - XSS
The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile.
by William Summerhill
CVSS 5.4
Code Blocks 20.03 - Denial of Service via FSymbols Search Field
Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash.
by Paras Bhatia
CVSS 7.5
Lansweeper <7.2.x - Command Injection
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.
by Amel BOUZIANE-LEBLOND
CVSS 9.8
Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)
by BKpatron
Frigate 2.02 - Denial of Service via Oversized Command Line Input
Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application's command line field to trigger an application crash.
by Paras Bhatia
CVSS 7.5
WebPort 1.19.1 - Cross-Site Scripting via Setup Type Parameter
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
by Emre ÖVÜNÇ
CVSS 6.1
Student Enrollment 1.0 - Unauthenticated Remote Code Execution
by Enesdex
Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload
by BKpatron
WebPort 1.19.1 - Cross-Site Scripting via Log Type Parameter
Web Port 1.19.1 allows XSS via the /log type parameter.
by Emre ÖVÜNÇ
CVSS 6.1
FileRun 2019.05.21 - Cross-Site Scripting via Filename Upload Parameter
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.
by Emre ÖVÜNÇ
CVSS 6.1
Eaton Intelligent Power Manager 1.6 - Directory Traversal
by Emre ÖVÜNÇ
Beauty Parlour Management System 1.0 - Authentication Bypass
by Prof. Kailas PATIL
OpenCTI 3.3.1 - Reflected Cross-Site Scripting via GraphQL Endpoint
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For example, a request to /graphql?'"--></style></scRipt><scRipt>alert('Raif_Berkay')</scRipt> will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
by Raif Berkay Dincel
CVSS 5.4
OpenCTI 3.3.1 - Unauthenticated Directory Traversal via Static CSS Endpoint
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
by Raif Berkay Dincel
CVSS 7.5
Code Blocks 17.12 - Buffer Overflow
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe.
by Paras Bhatia
CVSS 8.4
By Source