Exploitdb Exploits
50,186 exploits tracked across all sources.
Global RADAR BSA Radar <1.6.7234.24750 - XSS
The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile.
by William Summerhill
CVSS 5.4
Code Blocks 20.03 - DoS
Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash.
by Paras Bhatia
CVSS 7.5
Lansweeper <7.2.x - Command Injection
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.
by Amel BOUZIANE-LEBLOND
CVSS 9.8
Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)
by BKpatron
Frigate 2.02 - DoS
Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application's command line field to trigger an application crash.
by Paras Bhatia
CVSS 7.5
Webport Web Port - XSS
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
by Emre ÖVÜNÇ
CVSS 6.1
Student Enrollment 1.0 - Unauthenticated Remote Code Execution
by Enesdex
Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload
by BKpatron
Webport Web Port - XSS
Web Port 1.19.1 allows XSS via the /log type parameter.
by Emre ÖVÜNÇ
CVSS 6.1
Afian Filerun < 2019.06.01 - XSS
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.
by Emre ÖVÜNÇ
CVSS 6.1
Eaton Intelligent Power Manager 1.6 - Directory Traversal
by Emre ÖVÜNÇ
Beauty Parlour Management System 1.0 - Authentication Bypass
by Prof. Kailas PATIL
OpenCTI 3.3.1 - XSS
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For example, a request to /graphql?'"--></style></scRipt><scRipt>alert('Raif_Berkay')</scRipt> will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
by Raif Berkay Dincel
CVSS 5.4
OpenCTI 3.3.1 - Path Traversal
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
by Raif Berkay Dincel
CVSS 7.5
Code Blocks 17.12 - Buffer Overflow
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe.
by Paras Bhatia
CVSS 8.4
College Management System - SQL Injection
College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query.
by BLAY ABU SAFIAN
CVSS 9.8
10-Strike Bandwidth Monitor 3.9 - Privilege Escalation
10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup.
by boku
CVSS 7.8
Gila CMS 1.11.8 - SQL Injection
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
by BillyV4
CVSS 7.2
SOS JobScheduler <1.13 - Info Disclosure
A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile.
by Sander Ubink
CVSS 7.5
Sysax Multi Server 6.90 - XSS
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.
by Luca Epifanio
CVSS 6.1
Avaya IP Office < 10.1.0.7 - Information Disclosure
A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.
by hyp3rlinx
CVSS 5.5
By Source