Exploitdb Exploits
50,076 exploits tracked across all sources.
Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
Complaint Management System 4.0 - 'cid' SQL injection
by FULLSHADE
IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting
by Ismail Tasdelen
Plantronics Hub 3.13.2 - Local Privilege Escalation
by Markus
Online Course Registration 2.0 - Remote Code Execution
by Metin Yunus Kandemir
Karakuzu ERP Management Web 5.7.0 - 'k_adi_duz' SQL Injection
by Hakan TAŞKÖPRÜ
MSN Password Recovery 1.30 - Denial of Service via Oversized Registration Code Input
MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the 'User Name and Registration Code' field to trigger an application crash.
by Gokkulraj
CVSS 7.5
BloodX 1.0 - Unauthenticated Authentication Bypass via Crafted Payload in login.php
BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain unauthorized access.
by riamloo
CVSS 6.5
Windows Core Shell COM Server Registrar - Privilege Escalation
An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting unprotected COM calls.
by 0vercl0k
CVSS 6.7
PHPGurukul Hospital Management System 4.0 - Stored Cross-Site Scripting
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
by FULLSHADE
CVSS 6.1
PHPGurukul Hospital Management System 4.0 - SQL Injection
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.
by FULLSHADE
CVSS 8.8
Shopping Portal ProVersion 3.0 - Authentication Bypass
by Metin Yunus Kandemir
Hospital Management System 4.0 - Authentication Bypass
by Metin Yunus Kandemir
nostromo_nhttpd <= 1.9.6 - Remote Code Execution via Directory Traversal in http_verify
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
by Kr0ff
CVSS 9.8
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal
by Raif Berkay Dincel
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 Authentication Bypass
WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the uabb-lf-google-submit action, a valid administrator email address, and a valid nonce to obtain session cookies and authenticate as that user.
by Raphael Karger
CVSS 9.8
NextVPN 4.10 - Privilege Escalation
NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification.
by SajjadBnd
CVSS 7.8
Safari < 12.0.1 - Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
by TJ Corley
CVSS 8.8
Thrive Smart Home 1.1 - SQL Injection
Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application.
by LiquidWorm
CVSS 8.2
RICOH Web Image Monitor 1.09 - HTML Injection via Address Configuration CGI Script
RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling cross-site scripting attacks.
by Ismail Tasdelen
CVSS 6.1
Heatmiser Netmonitor 3.03 - HTML Injection via outputtitle Parameter
Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and potentially manipulate the web interface's displayed content.
by Ismail Tasdelen
CVSS 6.1
Heatmiser Netmonitor 3.03 - Hardcoded Credentials
Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields.
by Ismail Tasdelen
CVSS 7.5
FTP Navigator 8.03 - Stack-based Buffer Overflow via Custom Command Textbox
FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remote code execution and launching the calculator as proof of concept.
by boku
CVSS 9.8
By Source