Exploitdb Exploits
50,076 exploits tracked across all sources.
College-Management-System 1.2 - Authentication Bypass
by cakes
Folder Lock 7.7.9 - Buffer Overflow
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field to trigger a denial of service condition.
by Achilles
CVSS 6.2
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery in Setup Page
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
by Manuel García Cárdenas
CVSS 6.5
LimeSurvey < 3.17.14 - Reflected Cross-Site Scripting in Survey_Common_Action.php
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,
by SEC Consult
CVSS 5.4
Dolibarr < 10.0.2 - Stored Cross-Site Scripting via User-Agent Header
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
by Metin Yunus Kandemir
CVSS 6.1
Windows 10 - Information Disclosure via DirectWrite Memory Handling
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251.
by Google Security Research
CVSS 6.5
Windows DirectWrite - Information Disclosure via Memory Exposure
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251.
by Google Security Research
CVSS 6.5
eWON Firmware 12.2-13.0 - Auth Bypass
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials and a crafted wsdList parameter to extract encrypted passwords for all users, which can be decrypted using a hardcoded XOR key.
by Photubias
CVSS 7.5
Epross AVCON6 - Unauthenticated Remote Code Execution via OGNL Injection in Login Action
Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OGNL payloads in the redirect parameter to instantiate ProcessBuilder objects and execute system commands with root privileges.
by Nassim Asrir
CVSS 9.8
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)
by Metasploit
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)
by Metasploit
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
by Metasploit
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
by Metasploit
10Web Photo Gallery <1.5.35 - SQL Injection
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
by MTK
CVSS 9.8
10web Photo Gallery < 1.5.35 - Cross-Site Scripting via Options.php
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.
by MTK
CVSS 6.1
10web Photo Gallery < 1.5.35 - Cross-Site Scripting via Galleries.php
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.
by MTK
CVSS 6.1
October CMS <build 412 - Code Injection
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.
by Metasploit
CVSS 7.2
LibreNMS < 1.47 - OS Command Injection via collectd.inc.php
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru().
by Metasploit
CVSS 7.2
Dolibarr ERP/CRM 10.0.1 - SQL Injection
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques.
by Metin Yunus Kandemir
CVSS 7.5
Dolibarr ERP/CRM 10.0.1 - SQL Injection
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in card.php endpoints to extract sensitive database information using boolean-based blind, error-based, and time-based blind techniques.
by Metin Yunus Kandemir
CVSS 7.5
Rifatron 5brid DVR - Unauthenticated Access
Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication.
by LiquidWorm
CVSS 9.8
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
by Mr Winst0n
Enigma NMS < 65.0.0 - SQL Injection via manage_hosts_short.cgi search_pattern Parameter
A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.
by xerubus
CVSS 8.8
By Source