Exploitdb Exploits
50,083 exploits tracked across all sources.
FTPShell Server 6.83 - 'Virtual Path Mapping' Local Buffer
by Dino Covotsos
FTPShell Server 6.83 - 'Virtual Path Mapping' Local Buffer
by Dino Covotsos
Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Unauthenticated Remote Code Execution
by Julien Ahrens
D-Link DI-524 2.06RU - Stored and Reflected Cross-Site Scripting via Web Configuration
On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.
by Semen Alexandrovich Lyhin
CVSS 4.8
Ashop Shopping Cart - SQL Injection
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST requests to the admin/bannedcustomers.php endpoint with crafted SQL payloads using SLEEP functions to extract sensitive database information.
by Doğukan Karaciğer
CVSS 8.2
Windows AppX Deployment Service - Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
by Nabeel Ahmed
CVSS 7.8
Apache Axis 1.4 - Server-Side Request Forgery
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
by David Yesland
CVSS 7.5
TP-Link TL-WR940N - Buffer Overflow
TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
by Grzegorz Wypych
CVSS 8.8
AllPlayer 7.4 Local Buffer Overflow via SEH Unicode
AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code execution to run arbitrary commands with user privileges.
by Chris Au
CVSS 8.4
River Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input.
by Chris Au
CVSS 8.4
Download Accelerator Plus DAP 10.0.6.0 SEH Buffer Overflow
Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and executes embedded shellcode when imported through the application's web page import functionality.
by Peyman Forouzan
CVSS 9.8
FlexHEX 2.71 Local Buffer Overflow via SEH Unicode
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, paste the contents into the Stream Name dialog, and execute arbitrary commands like calc.exe when the exception handler is triggered.
by Chris Au
CVSS 8.4
Tradebox 5.4 - Authenticated SQL Injection via Symbol Parameter
Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthly_deposit endpoint with malicious symbol values using boolean-based blind, time-based blind, error-based, or union-based SQL injection techniques to extract sensitive database information.
by Abdullah Çelebi
CVSS 7.1
NCrypted Jobgator - Unauthenticated SQL Injection via Experience Parameter
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. Attackers can send POST requests to the agents Find-Jobs endpoint with malicious experience values to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
ShoreTel Connect ONSITE <19.45.1602.0 - XSS
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
by Ramikan
CVSS 6.1
ShoreTel Connect ONSITE <19.49.1500.0 - XSS
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter.
by Ramikan
CVSS 6.1
WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass
by isdampe
ShoreTel Connect ONSITE <18.82.2000.0 - XSS
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Ramikan
CVSS 6.1
Bolt CMS 3.6.6 - Cross-Site Request Forgery to Remote Code Execution via File Upload
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
by FelipeGaspar
CVSS 8.8
netatalk < 3.1.12 - Unauthenticated Out-of-bounds Write in dsi_opensess.c
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
by muts
CVSS 9.8
CentOS Web Panel 0.9.8.793 Free and 0.9.8.753 Pro - Stored Cross-Site Scripting in Admin Email Field
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute.
by DKM
CVSS 4.8
Apache HTTP Server 2.4.17-2.4.38 - Use-After-Free in Scoreboard
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
by cfreal
CVSS 7.8
ManageEngine ServiceDesk Plus 9.3 - Authenticated User Enumeration via Login Page
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
by Operat0r
CVSS 4.3
Salicru SLC-20-cube3(5) - Reflected Cross-Site Scripting via DataLog.csv log Parameter
A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name= request.
by Ramikan
CVSS 6.1
Contact Form by WD 1.13.1 CSRF to Local File Inclusion
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint with directory traversal sequences in the GET action parameter to load files via CSRF, bypassing authentication on vulnerable AJAX actions.
by Peyman Forouzan
CVSS 4.0
By Source