Exploitdb Exploits
50,186 exploits tracked across all sources.
Clinic Management System 1.0 - Unauthenticated Remote Code Execution
by BKpatron
Clinic Management System 1.0 - Authenticated Arbitrary File Upload
by BKpatron
Cayin Digital Signage System xPost 2.5 - Remote Command Injection
by LiquidWorm
Cayin Content Management Server 11.0 - Remote Command Injection (root)
by LiquidWorm
VMware vCloud Director 9.7.0.15498291 - Remote Code Execution
by Tomas Melicher
Dlink Dir-615 Firmware - Brute Force
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.
by huzaifa hussain
CVSS 8.8
Microsoft Windows 10 1903 - Memory Corruption
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by chompie1337
CVSS 10.0
OpenCart 3.0.3.2 - XSS
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.
by Kailash Bohara
CVSS 5.4
VMware vCloud Director < 9.5.0.6 - Remote Code Execution
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.
by aaronsvk
CVSS 8.8
bbPress <2.6.5 - Privilege Escalation
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.
by Raphael Karger
CVSS 9.8
QuickBox <2.5.5-2.1.8 - Command Injection
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.
by s1gh
CVSS 8.8
VMware vCenter Server vmdir Information Disclosure
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
by Photubias
CVSS 9.8
Crystal Shard http-protection 0.2.0 - SSRF
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and gain unauthorized access.
by Halis Duraki
CVSS 9.8
WordPress Multi-Scheduler <1.0.0 - CSRF
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
by UnD3sc0n0c1d0
CVSS 6.5
Online-Exam-System 2015 - SQL Injection
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information.
by Berk Dusunur
CVSS 8.2
Nokia Vitalsuite - SQL Injection
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName.
by Berk Dusunur
CVSS 9.8
Eyoucms < 1.4.7 - XSS
A cross-site scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
by China Banking and Insurance Information Technology Management Co.
CVSS 6.1
QNAP QTS and Photo Station 6.0.3 - Remote Command Execution
by Th3GundY
Phpgurukul Online Marriage Registration System - XSS
Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters.
by that faceless coder
CVSS 5.4
phpgurukul Online Marriage Registration System 1.0 - XSS
A cross-site scripting (XSS) vulnerability in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.
by that faceless coder
CVSS 5.4
OXID eShop <6.3.4 - SQL Injection
OXID eShop versions 6.x prior to 6.3.4 contain a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execute arbitrary code through crafted URLs.
by VulnSpy
CVSS 8.2
osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting
by Matthew Aberegg
osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting
by Matthew Aberegg