Exploitdb Exploits

50,186 exploits tracked across all sources.

CVE-2020-15600 EXPLOITDB MEDIUM text
Cmsuno < 1.6.1 - CSRF
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
by Noth
CVSS 6.5
CVE-2020-37032 EXPLOITDB HIGH text
Wing FTP Server 6.3.8 - RCE
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function.
by V1n1v131r4
CVSS 8.8
CVE-2020-37033 EXPLOITDB HIGH text
Infor Storefront B2B 1.0 - SQL Injection
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potentially extract or modify database information.
by ratboy
CVSS 8.2
EIP-2026-113205 EXPLOITDB text
Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass
by KeopssGroup0day_Inc
EIP-2026-110155 EXPLOITDB text
Online Polling System 1.0 - Authentication Bypass
by AppleBois
EIP-2026-110101 EXPLOITDB text
Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting
by KeopssGroup0day_Inc
EIP-2026-108910 EXPLOITDB text
Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection
by Mehmet Kelepçe
CVE-2020-14461 EXPLOITDB HIGH text
Zyxel Wap6806 Firmware - Path Traversal
Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.
by Rajivarnan R
CVSS 8.6
CVE-2020-15046 EXPLOITDB HIGH text
Supermicro X10DRH-iT - CSRF
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.
by Metin Yunus Kandemir
CVSS 8.8
CVE-2020-8605 EXPLOITDB HIGH ruby
Trend Micro InterScan Web Security Virtual Appliance 6.5 - RCE
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.
by Mehmet Ince
CVSS 8.8
CVE-2020-14946 EXPLOITDB MEDIUM text
Global RADAR BSA Radar <1.6.7234.24750 - Info Disclosure
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files.
by William Summerhill
CVSS 4.3
EIP-2026-110480 EXPLOITDB text
Park Ticketing Management System 1.0 - Authentication Bypass
by gh1mau
EIP-2026-110479 EXPLOITDB text VERIFIED
Park Ticketing Management System 1.0 - 'viewid' SQL Injection
by gh1mau
CVE-2020-37034 EXPLOITDB HIGH text
HelloWeb 2.0 - Path Traversal
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files.
by bRpsd
CVSS 7.5
EIP-2026-105391 EXPLOITDB text
Barangay Management System 1.0 - Authentication Bypass
by BKpatron
CVE-2020-7115 EXPLOITDB CRITICAL bash
Arubanetworks Clearpass Policy Manager - Missing Authentication
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass, an attacker could then execute an exploit that would allow remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
by SpicyItalian
CVSS 9.8
CVE-2019-16116 EXPLOITDB MEDIUM python
EnterpriseDT CompleteFTP Server <12.1.3 - Info Disclosure
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.
by 1F98D
CVSS 4.3
EIP-2026-113979 EXPLOITDB text
Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 - Persistent Cross-Site Scripting
by mqt
EIP-2026-111912 EXPLOITDB text
Savsoft Quiz 5 - Persistent Cross-Site Scripting
by th3d1gger
EIP-2026-104057 EXPLOITDB text
Qmail SMTP 1.03 - Bash Environment Variable Injection
by 1F98D
CVE-2020-14944 EXPLOITDB CRITICAL text
Global RADAR BSA Radar <1.6.7234.24750 - Privilege Escalation
Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser.
by William Summerhill
CVSS 9.8
CVE-2020-37027 EXPLOITDB CRITICAL python
Sickbeard alpha - Command Injection
Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the vulnerable Sickbeard installation.
by bdrake
CVSS 9.8
EIP-2026-119667 EXPLOITDB text
Microsoft Windows mshta.exe 2019 - XML External Entity Injection
by hyp3rlinx
EIP-2026-110633 EXPLOITDB php
PHP 7.4 FFI - 'disable_functions' Bypass
by hunter gregal