Exploitdb Exploits
50,076 exploits tracked across all sources.
Dolibarr 11.0.3 - Stored Cross-Site Scripting via LDAP Synchronization Parameters
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary JavaScript and potentially steal user cookie information.
by Mehmet Kelepçe
CVSS 6.4
VUPlayer 2.49 .m3u - Local Buffer Overflow (DEP_ASLR)
by Gobinathan
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
by Matteo Malvica
CVSS 7.8
Gym Management System 1.0 - Unauthenticated Remote Code Execution
by boku
Oracle Coherence 3.7.1.0/12.1.3.0.0/12.2.1.3-4 - RCE
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Metasploit
CVSS 9.8
CloudMe 1.11.2 - Remote Code Execution via Crafted Network Packets
CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a specially crafted payload to the CloudMe service running on port 8888, enabling remote code execution.
by Xenofon Vassilakopoulos
CVSS 9.8
PHPFusion < 9.03.50 - Stored Cross-Site Scripting in print.php via Forum Message
PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScript through forum messages that will execute when the print page is generated, allowing script execution in victim browsers.
by coiffeur
CVSS 6.4
forma.lms 2.3.0.2 - CSRF
forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.
by Daniel Ortiz
CVSS 8.8
AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC)
by Xenofon Vassilakopoulos
Composr CMS 10.0.30 - Persistent Cross-Site Scripting
by Manuel García Cárdenas
Open edX Ironwood 2.5 - Unauthenticated Remote Code Execution via Custom Python Evaluated Code
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution.
by Daniel Monzón
CVSS 8.8
CraftCMS 3 vCard Plugin 1.0.0 - Code Injection
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download functionality with a specially crafted request.
by Wade Guest
CVSS 9.8
BIND 9.0.0-9.11.17 - Denial of Service via TSIG Key Assertion Failure
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
by Teppei Fukuda
CVSS 7.5
Victor CMS 1.0 - Authenticated Arbitrary File Upload via user_image Parameter
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a 'cmd' parameter.
by Kishan Lal Choudhary
CVSS 8.8
Victor CMS 1.0 - Stored Cross-Site Scripting via Comment Author Parameter
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers.
by Kishan Lal Choudhary
CVSS 7.2
php-fusion 9.03.50 - SQL Injection via Comments Administration Endpoint ctype Parameter
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,
by SunCSR
CVSS 7.2
NukeViet 4.4 - Cross-Site Request Forgery via User Edit URI
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed.
by JEBARAJ
CVSS 6.5
NukeViet 4.4 - Cross-Site Request Forgery via User Add Admin Endpoint
modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.
by JEBARAJ
CVSS 6.5
NukeViet 4.4 - Cross-Site Request Forgery via clearsystem.php deltype Parameter
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.
by JEBARAJ
CVSS 8.8
Submitty <= 20.04.01 - Cross-Site Scripting via SVG Upload
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow.
by humblelad
CVSS 5.4
qdPM 9.1 - 'cfg[app_app_name]' Persistent Cross-Site Scripting
by Kishan Lal Choudhary
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
by Metasploit
CVSS 8.8
Forma.lms The E-Learning Suite 2.3.0.2 - XSS
Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input sanitization.
by Daniel Ortiz
CVSS 6.4
Monstra CMS 3.0.4 - Authenticated Arbitrary PHP File Upload via .php7 Extension
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048.
by Kishan Lal Choudhary
CVSS 8.8
By Source