Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-37053 EXPLOITDB HIGH python
Navigate CMS 2.8.7 - Authenticated SQL Injection
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.
by Gus Ralph
CVSS 7.1
CVE-2020-37052 EXPLOITDB CRITICAL python
Ubiquiti AirControl 1.4.2 - Unauthenticated Remote Code Execution via Java Expression Injection in /.seam Endpoint
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedded Java expressions to run commands with the application's system privileges.
by 0xd0ff9
CVSS 9.8
CVE-2020-5510 EXPLOITDB CRITICAL text
PHPGurukul Hostel Mgt Sys <2.0 - SQL Injection
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
by Enesdex
CVSS 9.8
CVE-2020-36910 EXPLOITDB HIGH python
Cayin Signage Media Player 3.0 - Command Injection
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.
by LiquidWorm
CVSS 8.8
CVE-2020-36909 EXPLOITDB MEDIUM text
SnapGear Management Console SG560 3.1.5 - Privilege Escalation
SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files outside the intended /etc/config/ directory.
by LiquidWorm
CVSS 6.5
CVE-2020-36908 EXPLOITDB MEDIUM text
SnapGear Management Console SG560 3.1.5 - CSRF
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page.
by LiquidWorm
CVSS 5.3
EIP-2026-110343 EXPLOITDB text
Oriol Espinal CMS 1.0 - 'id' SQL Injection
by TSAR
EIP-2026-110143 EXPLOITDB bash
Online Marriage Registration System 1.0 - Remote Code Execution (1)
by Enesdex
EIP-2026-109842 EXPLOITDB text
Navigate CMS 2.8.7 - Authenticated Directory Traversal
by Gus Ralph
EIP-2026-105922 EXPLOITDB text
Clinic Management System 1.0 - Unauthenticated Remote Code Execution
by BKpatron
EIP-2026-105919 EXPLOITDB text
Clinic Management System 1.0 - Authenticated Arbitrary File Upload
by BKpatron
EIP-2026-104194 EXPLOITDB text
Cayin Digital Signage System xPost 2.5 - Remote Command Injection
by LiquidWorm
EIP-2026-104193 EXPLOITDB text
Cayin Content Management Server 11.0 - Remote Command Injection (root)
by LiquidWorm
EIP-2026-102431 EXPLOITDB python
VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution
by Tomas Melicher
CVE-2019-17525 EXPLOITDB HIGH text
D-Link DIR-615 T1 20.10 - Unauthenticated CAPTCHA Bypass via Login Page
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.
by huzaifa hussain
CVSS 8.8
CVE-2020-0796 EXPLOITDB CRITICAL python
Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by chompie1337
CVSS 10.0
CVE-2020-10596 EXPLOITDB MEDIUM text
OpenCart 3.0.3.2 - Authenticated Stored Cross-Site Scripting via Image Upload Filename
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.
by Kailash Bohara
CVSS 5.4
EIP-2026-105920 EXPLOITDB text
Clinic Management System 1.0 - Authentication Bypass
by BKpatron
CVE-2020-3956 EXPLOITDB HIGH python
VMware Cloud Director 9.5.0.0-9.5.0.5 - Authenticated Remote Code Execution via Expression Language Injection
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.
by aaronsvk
CVSS 8.8
CVE-2020-13693 EXPLOITDB CRITICAL python
bbPress <2.6.5 - Privilege Escalation
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.
by Raphael Karger
CVSS 9.8
CVE-2020-13448 EXPLOITDB HIGH python
QuickBox <2.5.5-2.1.8 - Command Injection
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.
by s1gh
CVSS 8.8
CVE-2020-3952 EXPLOITDB CRITICAL text
VMware vCenter Server vmdir Information Disclosure
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
by Photubias
CVSS 9.8
CVE-2020-37056 EXPLOITDB CRITICAL python
Crystal Shard http-protection 0.2.0 - SSRF
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and gain unauthorized access.
by Halis Duraki
CVSS 9.8
CVE-2020-13426 EXPLOITDB MEDIUM text
WordPress Multi-Scheduler <1.0.0 - CSRF
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
by UnD3sc0n0c1d0
CVSS 6.5
CVE-2020-37057 EXPLOITDB HIGH text
Online-Exam-System 2015 - SQL Injection
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information.
by Berk Dusunur
CVSS 8.2