Exploitdb Exploits
50,186 exploits tracked across all sources.
Open-AudIT Professional 3.3.1 - Remote Code Execution
by Askar
School ERP Pro 1.0 - RCE
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server.
by Besim
CVSS 9.8
School ERP Pro 1.0 - SQL Injection
School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete database information.
by Besim
CVSS 8.2
School ERP Pro 1.0 - RCE
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server.
by Besim
CVSS 7.2
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
by Roberto Piña
Docker < 2.1.0.1 - Incorrect Permission Assignment
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
by Metasploit
CVSS 7.8
Netis E1+ 1.2.32533 - Info Disclosure
Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in plain text.
by Besim
CVSS 7.5
Netis E1+ <1.2.32533 - Privilege Escalation
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the network device.
by Besim
CVSS 7.5
Maian Support Helpdesk <4.3 - CSRF
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.
by Besim
CVSS 5.3
Online Course Registration 2.0 - SQL Injection
Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php.
by Daniel Monzón
CVSS 9.8
Online shopping system advanced 1.0 - 'p' SQL Injection
by Majid kalantari
Valvesoftware Source - OS Command Injection
Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account.
by 0xEmma
CVSS 7.8
Edimax EW-7438RPn Mini <1.13 - Command Injection
An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.
by Besim
CVSS 8.8
Edimax EW-7438RPn <1.13 - Command Injection
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-14 UTC.
by Besim
CVSS 8.8
EspoCRM 5.8.5 - Auth Bypass
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and privileges.
by Besim
CVSS 9.8
Popcorn Time 6.2.1.14 - Privilege Escalation
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files (x86) or system root directories to be executed with SYSTEM-level permissions during service startup.
by Uriel Yochpaz
CVSS 7.8
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution
by LiquidWorm
User Management System 2.0 - Persistent Cross-Site Scripting
by Besim
Library CMS Powerful Book Management System 2.2.0 - Session Fixation
by Ismail Tasdelen
Complaint Management System 4.2 - Persistent Cross-Site Scripting
by Besim
Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User)
by Besim
By Source