Exploitdb Exploits
50,076 exploits tracked across all sources.
College Management System Php 1.0 - SQL Injection via Unfiltered POST Parameters
College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query.
by BLAY ABU SAFIAN
CVSS 9.8
10-Strike Bandwidth Monitor 3.9 - Privilege Escalation
10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup.
by boku
CVSS 7.8
Gila CMS 1.11.8 - SQL Injection via Admin SQL Query Parameter
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
by BillyV4
CVSS 7.2
SOS JobScheduler <1.13 - Info Disclosure
A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile.
by Sander Ubink
CVSS 7.5
Sysax Multi Server 6.90 - Reflected Cross-Site Scripting via SCGI SID Parameter
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.
by Luca Epifanio
CVSS 6.1
Avaya IP Office 9.x, 10.0-10.1.0.7, 11.0-11.0.4.3 - Insufficiently Protected Credentials
A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.
by hyp3rlinx
CVSS 5.5
Frigate Professional 3.36.0.9 - Buffer Overflow
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code execution and launching calculator as a proof of concept.
by Paras Bhatia
CVSS 8.4
Sistem Informasi Pengumuman Kelulusan Online 1.0 - CSRF
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative accounts without the victim's consent.
by Extinction
CVSS 5.3
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow
10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling remote code execution and launching arbitrary system commands.
by boku
CVSS 9.8
WinGate 9.4.1.5998 - Incorrect Permission Assignment for Critical Resource
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
by hyp3rlinx
CVSS 7.8
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection
by Mehmet Kelepçe
HFS Http File Server 2.3m Build 300 - Buffer Overflow (PoC)
by hyp3rlinx
Virtual Airlines Manager 2.6.2 - 'airport' SQL Injection
by Kostadin Tonev
Bludit 3.9.2 - Remote Code Execution via Image Upload Path Traversal
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
by Luis Vacacas
CVSS 8.8
Quick Player 1.3 - Buffer Overflow via Malicious .m3l File
Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger the vulnerability by loading a specially crafted file through the application's file loading mechanism, potentially enabling remote code execution.
by Felipe Winsnes
CVSS 9.8
Frigate 3 Professional 3.36.0.9 - Local Buffer Overflow via Command Line Input
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted input sequence.
by Paras Bhatia
CVSS 8.4
Kyocera Printer d-COPIA253MF - Path Traversal
A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server.
by Hakan Eren ŞAN
CVSS 7.5
Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection
by Pankaj Kumar Thakur
Online-Exam-System 2015 - SQL Injection
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters.
by Gus Ralph
CVSS 8.2
IObit Uninstaller 9.5.0.15 Unquoted Service Path Privilege Escalation
IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a malicious executable named IObit.exe in the C:\Program Files (x86)\IObit directory and restart the service to execute code with SYSTEM privileges.
by Gobinathan
CVSS 7.8
Navigate CMS 2.8.7 - Cross-Site Request Forgery via Extension Upload
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.
by Gus Ralph
CVSS 4.3
By Source