Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102245 EXPLOITDB text
HardDrive 2.1 for iOS - Arbitrary File Upload
by Vulnerability-Lab
CVE-2020-37088 EXPLOITDB HIGH text
School ERP Pro 1.0 - Info Disclosure
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information.
by Besim
CVSS 7.5
CVE-2020-37087 EXPLOITDB MEDIUM text
Easy Transfer Wifi Transfer v1.7 - XSS
Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validation via POST requests to execute arbitrary JavaScript in the context of the mobile web application.
by Vulnerability-Lab
CVE-2020-37086 EXPLOITDB MEDIUM text
Easy Transfer 1.7 iOS - Path Traversal
Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters.
by Vulnerability-Lab
CVSS 6.2
CVE-2020-37058 EXPLOITDB HIGH text
Andrea ST Filters Service <1.0.64.7 - Code Injection
Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during service startup.
by Roberto Piña
CVSS 7.8
EIP-2026-117337 EXPLOITDB text
Internet Download Manager 6.37.11.1 - Stack Buffer Overflow (PoC)
by Vulnerability-Lab
EIP-2026-117127 EXPLOITDB text
EmEditor 19.8 - Insecure File Permissions
by SajjadBnd
CVE-2019-3999 EXPLOITDB HIGH text VERIFIED
Druva inSync Windows Client 6.5.0 - Unauthenticated OS Command Injection
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
by Chris Lyne
CVSS 7.8
EIP-2026-110241 EXPLOITDB python VERIFIED
Open-AudIT Professional 3.3.1 - Remote Code Execution
by Askar
EIP-2026-107595 EXPLOITDB text
hits script 1.0 - 'item_name' SQL Injection
by SajjadBnd
CVE-2020-37090 EXPLOITDB CRITICAL text
School ERP Pro 1.0 - Unauthenticated Remote Code Execution via Message Attachment Upload
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server.
by Besim
CVSS 9.8
CVE-2020-37089 EXPLOITDB HIGH text
School ERP Pro 1.0 - SQL Injection via es_messagesid Parameter
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete database information.
by Besim
CVSS 8.2
CVE-2020-37084 EXPLOITDB HIGH text
School ERP Pro 1.0 - Authenticated Remote Code Execution via Profile Photo Upload
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server.
by Besim
CVSS 7.2
EIP-2026-118370 EXPLOITDB python
CloudMe 1.11.2 - Buffer Overflow (PoC)
by Andy Bowden
EIP-2026-117714 EXPLOITDB text
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
by Roberto Piña
CVE-2019-15752 EXPLOITDB HIGH ruby VERIFIED
Docker Desktop Community Edition < 2.1.0.1 - Privilege Escalation via Trojan Horse docker-credential-wincred.exe
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
by Metasploit
CVSS 7.8
CVE-2020-37093 EXPLOITDB HIGH text
Netis E1+ 1.2.32533 - Info Disclosure
Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in plain text.
by Besim
CVSS 7.5
CVE-2020-37092 EXPLOITDB HIGH text
Netis E1+ <1.2.32533 - Privilege Escalation
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device.
by Besim
CVSS 7.5
CVE-2020-37091 EXPLOITDB MEDIUM text
Maian Support Helpdesk 4.3 - Unauthenticated Cross-Site Request Forgery to Add Admin
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.
by Besim
CVSS 5.3
CVE-2020-12429 EXPLOITDB CRITICAL text
Online Course Registration 2.0 - SQL Injection
Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php.
by Daniel Monzón
CVSS 9.8
EIP-2026-110812 EXPLOITDB text
PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload
by Besim
EIP-2026-110181 EXPLOITDB text
Online shopping system advanced 1.0 - 'p' SQL Injection
by Majid kalantari
CVE-2020-12242 EXPLOITDB HIGH text
Valve Source - Local Privilege Escalation via /tmp/hl2_relaunch File Execution
Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account.
by 0xEmma
CVSS 7.8
CVE-2025-34029 EXPLOITDB HIGH text
Edimax EW-7438RPn Mini <1.13 - Command Injection
An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.
by Besim
CVSS 8.8
CVE-2025-34024 EXPLOITDB HIGH text
Edimax EW-7438RPn <1.13 - Command Injection
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.
by Besim
CVSS 8.8