Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2020-7246 EXPLOITDB HIGH python
qdPM < 9.1 - Authenticated Remote Code Execution via Profile Photo Path Traversal
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.
by Tobin Shields
CVSS 8.8
CVE-2020-37106 EXPLOITDB MEDIUM text
Business Live Chat Software 1.0 - CSRF
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with administrative access parameters.
by Meisam Monsef
CVSS 5.3
CVE-2020-10173 EXPLOITDB HIGH text
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m - OS Command Injection via ping.cgi
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.
by Raki Ben Hamouda
CVSS 8.8
CVE-2020-37108 EXPLOITDB HIGH text
PhpIX 2012 Professional - SQL Injection
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information.
by indoushka
CVSS 7.1
CVE-2020-37107 EXPLOITDB HIGH python
Core FTP LE 2.2 - Denial of Service via Account Field Buffer Overflow
Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the application to become unresponsive and require reinstallation.
by Ismael Nava
CVSS 7.5
CVE-2020-8794 EXPLOITDB CRITICAL c
OpenSMTPD OOB Read Local Privilege Escalation
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
by Qualys Corporation
CVSS 9.8
CVE-2020-8793 EXPLOITDB MEDIUM c
OpenSMTPD < 6.6.4 - Local Arbitrary File Read via Race Condition in makemap.c and smtpd.c
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
by Qualys Corporation
CVSS 4.7
CVE-2020-37122 EXPLOITDB HIGH python
SpotFTP-FTP Password Recover <2.4.8 - DoS
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash.
by Ismael Nava
CVSS 7.5
CVE-2020-37109 EXPLOITDB HIGH python
aSc TimeTables 2020.11.4 - Denial of Service via Subject Title Buffer Overflow
aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a 1000-character buffer and paste it into the Subject title to trigger an application crash and potential instability.
by Ismael Nava
CVSS 7.5
EIP-2026-115985 EXPLOITDB python
Odin Secure FTP Expert 7.6.3 - Denial of Service (PoC)
by berat isler
CVE-2020-8819 EXPLOITDB HIGH php
CardGate Payments <3.1.15 - Auth Bypass
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
by GeekHack
CVSS 8.1
EIP-2026-109242 EXPLOITDB php
Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass
by GeekHack
CVE-2020-37154 EXPLOITDB HIGH text
eLection 2.0 - Authenticated SQL Injection
eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory.
by J3rryBl4nks
CVSS 7.1
CVE-2020-37147 EXPLOITDB HIGH text
ATutor 2.2.4 - Authenticated SQL Injection via Admin User Deletion ID Parameter
ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admin_delete.php script to potentially extract or modify database information.
by Andrey Stoykov
CVSS 7.1
CVE-2020-37146 EXPLOITDB HIGH perl
ACE Security WiP-90113 HD Camera - Info Disclosure
ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing credentials and system settings.
by Todor Donev
CVSS 7.5
CVE-2020-37141 EXPLOITDB HIGH text
AMSS++ 4.31 - SQL Injection via Mail Module id Parameter
AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents.
by indoushka
CVSS 8.2
CVE-2020-37135 EXPLOITDB HIGH text
AMSS++ 4.7 - Authentication Bypass via Hardcoded Credentials
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.
by indoushka
CVSS 7.5
CVE-2020-37103 EXPLOITDB MEDIUM text
DotNetNuke < 9.5.0 - Persistent Cross-Site Scripting via Journal XML File Upload
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially bypassing CSRF protections and performing more damaging attacks.
by Sajjad Pourali
CVSS 6.4
CVE-2020-36871 EXPLOITDB HIGH perl
ESCAM QD-900 WIFI HD - Info Disclosure
ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network.
by Todor Donev
CVE-2019-19943 EXPLOITDB HIGH python
Pablo Quick 'n Easy Web Server < 3.3.8 - Unauthenticated Heap Memory Corruption via Host/Domain Parameter
The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free.
by Cody Winkler
CVSS 7.5
EIP-2026-107526 EXPLOITDB text
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
by emaragkos
EIP-2026-105704 EXPLOITDB text
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
by J3rryBl4nks
EIP-2026-105683 EXPLOITDB python
Cacti 1.2.8 - Remote Code Execution
by Askar
EIP-2026-104411 EXPLOITDB text
Real Web Pentesting Tutorial Step by Step - [Persian]
by Meisam Monsef
CVE-2015-7611 EXPLOITDB HIGH ruby VERIFIED
Apache James Server < 2.3.2.1 - OS Command Injection
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
by Metasploit
CVSS 8.1