Exploitdb Exploits
50,076 exploits tracked across all sources.
WordPress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection
by Nguyen Khang
Online Healthcare Patient Record Management System 1.0 - Authentication Bypass
by Daniel Monzón
Online Healthcare management system 1.0 - Authentication Bypass
by BKpatron
HP LinuxKI < 6.0-2 - Remote Code Execution
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
by Cody Winkler
CVSS 9.8
Oracle Food and Beverage Apps <5.7 - RCE
Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
by Walid Faour
CVSS 9.0
Mikrotik Router Monitoring System <2018-10-22 - SQL Injection
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community.
by jul10l1r4
CVSS 9.8
ManageEngine ServiceDesk Plus < 10500 - Stored Cross-Site Scripting via Workstation Software Name
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.
by Felipe Molina
CVSS 6.1
Dameware Remote Support 12.1.1.273 - Buffer Overflow (SEH)
by gurbanli
E-Commerce System 1.0 - Unauthenticated Remote Code Execution
by SunCSR
Complaint Management System 1.0 - 'username' SQL Injection
by Daniel Ortiz
Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution
by Seecko Das
Remote Desktop Audit 2.3.0.157 - RCE
Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) bypass and execute shellcode when importing computer lists.
by gurbanli
CVSS 9.8
Tryton < 5.4 - Stored Cross-Site Scripting via User Profile Name Input
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces.
by Vulnerability-Lab
CVSS 6.4
Sellacious eCommerce < 4.6 - Stored Cross-Site Scripting in Manage Your Addresses Module
Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that can hijack user sessions and manipulate application modules.
by Vulnerability-Lab
CVSS 6.4
LanSend 3.2 - Remote Code Execution via Add Computers Wizard File Import
LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) overwrite and execute shellcode when importing computers from a file.
by gurbanli
CVSS 9.8
Orchard Core RC1 - Stored Cross-Site Scripting via Blog Post MarkdownBodyPart.Source Parameter
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
by SunCSR
CVSS 6.4
idangero chop_slider - Blind SQL Injection via id GET Parameter
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
by SunCSR
CVSS 9.8
TylerTech Eagle 2018.3.11 - Remote Code Execution via Untrusted Java Deserialization
TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI.
by Anthony Cole
CVSS 8.8
Cisco Catalyst Center < 1.3.0.6 - Authenticated Stored Cross-Site Scripting
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4.
by Dylan Garnaud
CVSS 4.8
By Source