Exploitdb Exploits
50,076 exploits tracked across all sources.
qdPM < 9.1 - Authenticated Remote Code Execution via Profile Photo Path Traversal
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.
by Tobin Shields
CVSS 8.8
Business Live Chat Software 1.0 - CSRF
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with administrative access parameters.
by Meisam Monsef
CVSS 5.3
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m - OS Command Injection via ping.cgi
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.
by Raki Ben Hamouda
CVSS 8.8
PhpIX 2012 Professional - SQL Injection
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information.
by indoushka
CVSS 7.1
Core FTP LE 2.2 - Denial of Service via Account Field Buffer Overflow
Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the application to become unresponsive and require reinstallation.
by Ismael Nava
CVSS 7.5
OpenSMTPD OOB Read Local Privilege Escalation
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
by Qualys Corporation
CVSS 9.8
OpenSMTPD < 6.6.4 - Local Arbitrary File Read via Race Condition in makemap.c and smtpd.c
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
by Qualys Corporation
CVSS 4.7
SpotFTP-FTP Password Recover <2.4.8 - DoS
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash.
by Ismael Nava
CVSS 7.5
aSc TimeTables 2020.11.4 - Denial of Service via Subject Title Buffer Overflow
aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a 1000-character buffer and paste it into the Subject title to trigger an application crash and potential instability.
by Ismael Nava
CVSS 7.5
Odin Secure FTP Expert 7.6.3 - Denial of Service (PoC)
by berat isler
CardGate Payments <3.1.15 - Auth Bypass
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
by GeekHack
CVSS 8.1
Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass
by GeekHack
eLection 2.0 - Authenticated SQL Injection
eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory.
by J3rryBl4nks
CVSS 7.1
ATutor 2.2.4 - Authenticated SQL Injection via Admin User Deletion ID Parameter
ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admin_delete.php script to potentially extract or modify database information.
by Andrey Stoykov
CVSS 7.1
ACE Security WiP-90113 HD Camera - Info Disclosure
ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing credentials and system settings.
by Todor Donev
CVSS 7.5
AMSS++ 4.31 - SQL Injection via Mail Module id Parameter
AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents.
by indoushka
CVSS 8.2
AMSS++ 4.7 - Authentication Bypass via Hardcoded Credentials
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.
by indoushka
CVSS 7.5
DotNetNuke < 9.5.0 - Persistent Cross-Site Scripting via Journal XML File Upload
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially bypassing CSRF protections and performing more damaging attacks.
by Sajjad Pourali
CVSS 6.4
ESCAM QD-900 WIFI HD - Info Disclosure
ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network.
by Todor Donev
Pablo Quick 'n Easy Web Server < 3.3.8 - Unauthenticated Heap Memory Corruption via Host/Domain Parameter
The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free.
by Cody Winkler
CVSS 7.5
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
by emaragkos
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
by J3rryBl4nks
Real Web Pentesting Tutorial Step by Step - [Persian]
by Meisam Monsef
Apache James Server < 2.3.2.1 - OS Command Injection
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
by Metasploit
CVSS 8.1
By Source