Exploit Database

139,632 exploits tracked across all sources.

CVE-2023-29566 WRITEUP CRITICAL
Dawnsparks-node-tesseract < 0.4.1 - Command Injection
huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 were discovered to contain a remote code execution (RCE) vulnerability via the child_process function.
CVSS 9.8
CVE-2023-29836 WRITEUP MEDIUM
Exelysis Unified Communications Solution - XSS
Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form.
CVSS 6.1
CVE-2023-29837 WRITEUP MEDIUM
Exelysis Unified Communications Solution - XSS
Cross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page.
CVSS 6.1
CVE-2023-29838 WRITEUP HIGH
Allwaysync - Incorrect Default Permissions
Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker to escalate privileges via the SyncService.exe file.
CVSS 7.8
CVE-2023-29842 WRITEUP HIGH
Churchcrm - SQL Injection
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter.
CVSS 8.8
CVE-2023-29919 WRITEUP CRITICAL
Contec Solarview Compact Firmware - Incorrect Default Permissions
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted.
CVSS 9.1
CVE-2023-29929 WRITEUP HIGH
Kemptechnologies Loadmaster <7.2.60.0 - Buffer Overflow
Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to cause a denial of service via the libkemplink.so, isreverse library.
CVSS 7.5
CVE-2023-29962 WRITEUP MEDIUM
S-cms - Path Traversal
S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.
CVSS 6.5
CVE-2023-2928 WRITEUP MEDIUM
Dedecms < 5.7.106 - Code Injection
A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083.
CVSS 6.3
CVE-2023-2951 WRITEUP MEDIUM
Bus Dispatch And Information System - SQL Injection
A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230112.
CVSS 6.3
CVE-2023-30013 WRITEUP CRITICAL
Totolink X5000r Firmware - OS Command Injection
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.
CVSS 9.8
CVE-2023-30058 WRITEUP CRITICAL
Xxyopen Novel-plus - SQL Injection
novel-plus 3.6.2 is vulnerable to SQL Injection.
CVSS 9.8
CVE-2023-30185 WRITEUP CRITICAL
Crmeb < 4.6.0 - Unrestricted File Upload
CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php.
CVSS 9.8
CVE-2023-30186 WRITEUP CRITICAL
Onlyoffice Document Server < 7.3.2 - Use After Free
A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
CVSS 9.8
CVE-2023-30187 WRITEUP CRITICAL
Onlyoffice Document Server < 7.3.2 - Out-of-Bounds Write
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
CVSS 9.8
CVE-2023-30188 WRITEUP HIGH
Onlyoffice Document Server < 7.3.2 - Infinite Loop
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.
CVSS 7.5
CVE-2023-30258 WRITEUP CRITICAL
Magnussolution Magnusbilling < 7.3.0 - Command Injection
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
CVSS 9.8
CVE-2023-30330 WRITEUP CRITICAL
Softexpert Excellence Suite < 2.1.3 - Untrusted Search Path
SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php.
CVSS 9.8
CVE-2023-30347 WRITEUP MEDIUM
STL Neox Dial Centre - XSS
Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search.
CVSS 4.8
CVE-2023-30351 WRITEUP HIGH
Tenda Cp3 Firmware - Hard-coded Credentials
Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials.
CVSS 7.5
CVE-2023-30354 WRITEUP CRITICAL
Tenda Cp3 Firmware - Cleartext Transmission
Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access.
CVSS 9.8
CVE-2023-30383 WRITEUP HIGH
Tp-link Archer C2 V1 Firmware - Buffer Overflow
TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.
CVSS 7.5
CVE-2023-30450 WRITEUP MEDIUM
Redpanda < 23.1.2 - Improper Input Validation
rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches.
CVSS 4.3
CVE-2023-30545 WRITEUP HIGH
Prestashop < 1.7.8.9 - SQL Injection
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9.
CVSS 7.7