Exploitdb Exploits
50,076 exploits tracked across all sources.
HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path
by Roberto Piña
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
by Ultra Security Team
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
by Jinson Varghese Behanan
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
by J3rryBl4nks
Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
by J3rryBl4nks
Avaya Aura Communication Manager 5.2 - Remote Code Execution
by Sarang Tumne
SprintWork 2.3.1 - Privilege Escalation
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access.
by boku
CVSS 6.2
phpMyChat Plus 1.98 - SQL Injection
phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field.
by J3rryBl4nks
CVSS 8.2
EPSON EasyMP Network Projection 2.81 - Code Injection
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges.
by Roberto Piña
CVSS 7.8
WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion
WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP files from the packages directory and execute arbitrary code.
by Mehran Feizi
CVSS 5.5
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
by Mehran Feizi
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
by Mehran Feizi
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload
by Mehran Feizi
Artica Pandora FMS 7.0 - Authenticated OS Command Injection via Netflow Live View Parameters
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.
by Engin Demirbilek
CVSS 7.2
HP System Event Utility <1.4.33 - RCE
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.
by hyp3rlinx
CVSS 7.8
Wedding Slideshow Studio 1.36 - RCE
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with a malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator.
by ZwX
CVSS 9.8
Sync Breeze Enterprise 12.4.18 - Code Injection
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process.
by boku
CVSS 7.8