Exploitdb Exploits
49,983 exploits tracked across all sources.
PHPGurukul Small CRM v2.0 - Auth Bypass
PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.
by FULLSHADE
CVSS 8.8
PHPGurukul Hostel Mgt Sys <2.0 - SQL Injection
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
by FULLSHADE
CVSS 9.8
Phpgurukul Dairy Farm Shop Management System - SQL Injection
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.
by Chris Inzinga
CVSS 9.8
Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
Complaint Management System 4.0 - 'cid' SQL injection
by FULLSHADE
IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting
by Ismail Tasdelen
Plantronics Hub 3.13.2 - Local Privilege Escalation
by Markus
Online Course Registration 2.0 - Remote Code Execution
by Metin Yunus Kandemir
Karakuzu ERP Management Web 5.7.0 - 'k_adi_duz' SQL Injection
by Hakan TAŞKÖPRÜ
MSN Password Recovery <1.30 - DoS
MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the 'User Name and Registration Code' field to trigger an application crash.
by Gokkulraj
CVSS 7.5
BloodX 1.0 - Auth Bypass
BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain unauthorized access.
by riamloo
CVSS 6.5
Windows Core Shell COM Server Registrar - Privilege Escalation
An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting unprotected COM calls.
by 0vercl0k
CVSS 6.7
Phpgurukul Hospital Management System - XSS
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
by FULLSHADE
CVSS 6.1
Phpgurukul Hospital Management System - SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters do not validate user input, allowing the application's database and information to be fully compromised.
by FULLSHADE
CVSS 8.8
Shopping Portal ProVersion 3.0 - Authentication Bypass
by Metin Yunus Kandemir
Hospital Management System 4.0 - Authentication Bypass
by Metin Yunus Kandemir
Nostromo nhttpd <1.9.6 - RCE
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
by Kr0ff
CVSS 9.8
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal
by Raif Berkay Dincel
NextVPN 4.10 - Privilege Escalation
NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification.
by SajjadBnd
CVSS 7.8
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
by Raphael Karger
Apple Safari < 12.0.1 - Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
by TJ Corley
CVSS 8.8
Thrive Smart Home 1.1 - SQL Injection
Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application.
by LiquidWorm
CVSS 8.2