Exploitdb Exploits
50,186 exploits tracked across all sources.
Zen Load Balancer 3.10.1 - Directory Traversal (Metasploit)
by Dhiraj Mishra
Edimax EW-7438RPn <1.13 - Info Disclosure
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device configuration variables.
by Besim
CVSS 7.5
Edimax EW-7438RPn <1.13 - CSRF
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent.
by Besim
CVSS 5.3
RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow (SEH)
by Felipe Winsnes
Mahara 19.10.2 CMS - Persistent Cross-Site Scripting
by Vulnerability-Lab
NSClient++ <0.5.2.35 - Authenticated RCE
An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface (default port 8443), inject arbitrary commands as external scripts via the /settings/query.json API, save the configuration, and trigger the script via the /query/{name} endpoint. The injected commands are executed with SYSTEM privileges, enabling full remote compromise.
This capability is an intended feature, but the lack of safeguards or privilege separation makes it risky when exposed to untrusted actors.
by kindredsec
CVSS 7.8
NSClient++ <0.5.2.35 - Privilege Escalation
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attacker can authenticate to the NSClient++ web interface (typically accessible on port 8443) and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM by registering a custom script, saving the configuration, and triggering it via the API.
This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions.
by kindredsec
CVSS 7.8
P5 FNIP-8x16A/FNIP-4xSH <1.0.20, 1.0.11 - XSS
P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the 'lab4' parameter in config.html.
by LiquidWorm
CVSS 3.5
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page.
by LiquidWorm
CVSS 3.5
jizhiCMS 1.6.7 - File Download
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads.
by jizhicms
CVSS 8.8
PMB 5.6 - SQL Injection
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php endpoint with manipulated logid values to interact with the database.
by 41-trk
CVSS 7.1
Cszcms Csz Cms - XSS
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend dashboard.
by Metin Yunus Kandemir
CVSS 5.4
Cszcms Csz Cms - XSS
CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks.
by Metin Yunus Kandemir
CVSS 5.4
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form.
by LiquidWorm
CVSS 4.3
Taskautomation Carbonftp - Broken Cryptographic Algorithm
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.
by hyp3rlinx
CVSS 5.5
Oracle Solaris <11 - Privilege Escalation
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
by Marco Ivaldi
CVSS 8.8
Rubo DICOM Viewer 2.0 - Buffer Overflow
Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and triggering remote code execution.
by bzyo
CVSS 9.8
Nsauditor 3.0.28-3.2.1.0 - RCE
Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a carefully constructed exploit.
by Cervoise
CVSS 9.8
Atomic Alarm Clock 6.3 - Privilege Escalation
Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent system-level access.
by boku
CVSS 7.8
Fork CMS 5.8.0 - Persistent Cross-Site Scripting
by Vulnerability-Lab
By Source