Exploitdb Exploits
50,083 exploits tracked across all sources.
AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via EggHunter
AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads into the Display name field and Load from file parameter to trigger the overflow and execute shellcode with application privileges.
by Peyman Forouzan
CVSS 8.4
phpFileManager 1.7.8 Local File Inclusion via index.php
phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fm_current_dir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files like /etc/passwd from the server.
by Murat Kalafatoglu
CVSS 6.2
Inout EasyRooms Ultimate 1.0 - SQL Injection
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to extract sensitive data or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
Inout EasyRooms Ultimate 1.0 - SQL Injection
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
Inout EasyRooms Ultimate 1.0 - SQL Injection
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads in the location field to extract sensitive data or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
Inout EasyRooms Ultimate 1.0 - SQL Injection
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
Inout RealEstate - Unauthenticated SQL Injection via City Parameter
Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city parameter to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Fiverr Clone Script 1.2.2 - Unauthenticated Stored Cross-Site Scripting via Search Results Keyword Parameter
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript in users' browsers.
by Mr Winst0n
CVSS 6.1
Fiverr Clone Script 1.2.2 - SQL Injection
Fiverr Clone Script 1.2.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can supply malicious SQL syntax in the page parameter to extract sensitive database information or modify database contents.
by Mr Winst0n
CVSS 9.1
WooCommerce PayPal Checkout Payment Gateway <1.6.8 - Info Disclosure
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state
by Vikas Chaudhary
CVSS 6.5
TCPDF < 6.2.22 - Remote Code Execution via PHAR Deserialization
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
by q3rv0
CVSS 9.8
CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
by Daniele Scanu
CVSS 8.1
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery via Wi-Fi Settings
JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).
by Vikas Chaudhary
CVSS 6.5
CentOS Web Panel 0.9.8.789 - Stored Cross-Site Scripting via DNS Nameserver Fields
CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via a "DNS Functions" "Edit Nameservers IPs" action.
by DKM
CVSS 4.8
Base64 Decoder 1.1.2 Local Buffer Overflow SEH Egghunter
Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH chain with a POP-POP-RET gadget address, and uses an egghunter payload to locate and execute shellcode for code execution.
by Paolo Perego
CVSS 8.4
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 - SQL Injection
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - SQL Injection & Auth Bypass via Admin Panel
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel.
by Ahmet Ümit BAYRAM
CVSS 8.2
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - Unauthenticated SQL Injection via 'val' Parameter in getrecord.php
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - Unauthenticated SQL Injection via 'pt' Parameter in getcmsdata.php
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - Unauthenticated SQL Injection via catid Parameter
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cms_getpagetitle.php endpoint with malicious catid values to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Doditsolutions Homey BNB V4 - Unauthenticated SQL Injection via Admin Edit.php ID Parameter
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Doditsolutions Homey BNB (Airbnb Clone Script) >=V4 - Unauthenticated SQL Injection via hosting_id Parameter
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET requests to the rooms/ajax_refresh_subtotal endpoint with malicious hosting_id values to extract sensitive database information or cause denial of service.
by Ahmet Ümit BAYRAM
CVSS 8.2
Thomsonreuters Concourse Matter Room < 2.13.0098 - Path Traversal
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution.
by 0v3rride
CVSS 9.8
Microsoft Visio 2016 16.0.4738.1000 - 'Log in accounts' Denial of Service
by César Adrián Coronado Llanos
Fat Free CRM v0.19.0 - HTML Injection
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is a XSS protection mechanism.
by Ismail Tasdelen
CVSS 5.4
By Source