Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-36966 EXPLOITDB MEDIUM text
Dolibarr 11.0.3 - Stored Cross-Site Scripting via LDAP Synchronization Parameters
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary JavaScript and potentially steal user cookie information.
by Mehmet Kelepçe
CVSS 6.4
EIP-2026-118084 EXPLOITDB python
VUPlayer 2.49 .m3u - Local Buffer Overflow (DEP_ASLR)
by Gobinathan
CVE-2020-5752 EXPLOITDB HIGH text VERIFIED
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
by Matteo Malvica
CVSS 7.8
EIP-2026-107541 EXPLOITDB python
Gym Management System 1.0 - Unauthenticated Remote Code Execution
by boku
CVE-2020-2555 EXPLOITDB CRITICAL ruby VERIFIED
Oracle Coherence 3.7.1.0/12.1.3.0.0/12.2.1.3-4 - RCE
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Metasploit
CVSS 9.8
CVE-2020-37070 EXPLOITDB CRITICAL text
CloudMe 1.11.2 - Remote Code Execution via Crafted Network Packets
CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a specially crafted payload to the CloudMe service running on port 8888, enabling remote code execution.
by Xenofon Vassilakopoulos
CVSS 9.8
CVE-2020-36996 EXPLOITDB MEDIUM text
PHPFusion < 9.03.50 - Stored Cross-Site Scripting in print.php via Forum Message
PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScript through forum messages that will execute when the print page is generated, allowing script execution in victim browsers.
by coiffeur
CVSS 6.4
CVE-2020-26802 EXPLOITDB HIGH text
forma.lms 2.3.0.2 - CSRF
forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.
by Daniel Ortiz
CVSS 8.8
EIP-2026-114834 EXPLOITDB python
AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC)
by Xenofon Vassilakopoulos
EIP-2026-106112 EXPLOITDB text
Composr CMS 10.0.30 - Persistent Cross-Site Scripting
by Manuel García Cárdenas
CVE-2020-13144 EXPLOITDB HIGH text
Open edX Ironwood 2.5 - Unauthenticated Remote Code Execution via Custom Python Evaluated Code
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution.
by Daniel Monzón
CVSS 8.8
CVE-2020-37071 EXPLOITDB CRITICAL python
CraftCMS 3 vCard Plugin 1.0.0 - Code Injection
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download functionality with a specially crafted request.
by Wade Guest
CVSS 9.8
CVE-2020-8617 EXPLOITDB HIGH python
BIND 9.0.0-9.11.17 - Denial of Service via TSIG Key Assertion Failure
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
by Teppei Fukuda
CVSS 7.5
CVE-2020-37073 EXPLOITDB HIGH text
Victor CMS 1.0 - Authenticated Arbitrary File Upload via user_image Parameter
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a 'cmd' parameter.
by Kishan Lal Choudhary
CVSS 8.8
CVE-2020-37072 EXPLOITDB HIGH text
Victor CMS 1.0 - Stored Cross-Site Scripting via Comment Author Parameter
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers.
by Kishan Lal Choudhary
CVSS 7.2
CVE-2020-14960 EXPLOITDB HIGH text
php-fusion 9.03.50 - SQL Injection via Comments Administration Endpoint ctype Parameter
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,
by SunCSR
CVSS 7.2
CVE-2020-13157 EXPLOITDB MEDIUM text
NukeViet 4.4 - Cross-Site Request Forgery via User Edit URI
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed.
by JEBARAJ
CVSS 6.5
CVE-2020-13156 EXPLOITDB MEDIUM text
NukeViet 4.4 - Cross-Site Request Forgery via User Add Admin Endpoint
modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.
by JEBARAJ
CVSS 6.5
CVE-2020-13155 EXPLOITDB HIGH text
NukeViet 4.4 - Cross-Site Request Forgery via clearsystem.php deltype Parameter
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.
by JEBARAJ
CVSS 8.8
EIP-2026-113076 EXPLOITDB text
Victor CMS 1.0 - 'cat_id' SQL Injection
by Kishan Lal Choudhary
CVE-2020-12882 EXPLOITDB MEDIUM text
Submitty <= 20.04.01 - Cross-Site Scripting via SVG Upload
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow.
by humblelad
CVSS 5.4
EIP-2026-111612 EXPLOITDB text
qdPM 9.1 - 'cfg[app_app_name]' Persistent Cross-Site Scripting
by Kishan Lal Choudhary
CVE-2020-11108 EXPLOITDB HIGH ruby VERIFIED
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
by Metasploit
CVSS 8.8
CVE-2020-36998 EXPLOITDB MEDIUM text
Forma.lms The E-Learning Suite 2.3.0.2 - XSS
Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input sanitization.
by Daniel Ortiz
CVSS 6.4
CVE-2020-13384 EXPLOITDB HIGH text
Monstra CMS 3.0.4 - Authenticated Arbitrary PHP File Upload via .php7 Extension
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048.
by Kishan Lal Choudhary
CVSS 8.8