Exploitdb Exploits
49,989 exploits tracked across all sources.
Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
by Nawaf Alkeraithe
Advanced Comment System - SQL Injection
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.
by Rafael Pedrero
CVSS 9.8
Switchvpn - Privilege Escalation
A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root.
by Bernd Leitner
CVSS 7.8
Dell Openmanage Network Manager - Incorrect Permission Assignment
Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.
by KoreLogic
CVSS 6.5
PHP 5.2.3 imap (Debian Based) - 'imap_open' disable_functions Bypass
by Anton Lopanitsyn
Ntp - Out-of-Bounds Read
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
by Magnus Klaaborg Stubman
CVSS 7.5
Atlassian Jira - (Authenticated) Upload Code Execution (Metasploit)
by Metasploit
Atlassian Jira - (Authenticated) Upload Code Execution (Metasploit)
by Metasploit
Webiness Inventory 2.3 - SQL Injection
Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send POST requests to the WsModelGrid.php endpoint with crafted SQL payloads to extract sensitive database information including usernames, databases, and version details.
by Ihsan Sencan
CVSS 8.2
Tina4 Stack 1.0.3 - SQL Injection
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries.
by Ihsan Sencan
CVSS 8.2
Tina4 Stack 1.0.3 - CSRF
Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user data like passwords and email addresses to update administrator accounts without authentication.
by Ihsan Sencan
CVSS 5.3
Surreal ToDo 0.6.1.2 - Path Traversal
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files like configuration and initialization files.
by Ihsan Sencan
CVSS 6.2
Silurus Classifieds Script 2.0 - SQL Injection
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to extract database table names and sensitive information from the database.
by Ihsan Sencan
CVSS 8.2
Musicco 2.0.0 - Path Traversal
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system directories and download them as ZIP files.
by Ihsan Sencan
CVSS 7.5
Maitra 1.7.2 - SQL Injection
Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application directory to extract sensitive mail tracking data and credentials.
by Ihsan Sencan
CVSS 7.1
Gumbo CMS 0.99 - SQL Injection
Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter to extract sensitive database information including usernames, databases, and version details.
by Ihsan Sencan
CVSS 8.2
Easyndexer 1.0 - Path Traversal
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files.
by Ihsan Sencan
CVSS 7.5
Data Center Audit 2.6.2 - CSRF
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset to change the admin account password and gain administrative access.
by Ihsan Sencan
CVSS 5.3
Alive Parish 2.0.4 - SQL Injection
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to the images/uploaded directory for remote code execution.
by Ihsan Sencan
CVSS 8.2
Alienor Web Libre 2.0 - SQL Injection
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifiant field to extract sensitive database information including usernames, databases, and version details.
by Ihsan Sencan
CVSS 8.2
ABC ERP 0.6.4 - CSRF
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft malicious forms or links containing parameters like usuario, contrasena1, contrasena2, nombre, and email to change admin account settings without authentication.
by Ihsan Sencan
CVSS 5.3
Webpanel < 0.9.8.740 - CSRF
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
by InfinitumIT
CVSS 8.8
Webpanel < 0.9.8.740 - CSRF
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
by InfinitumIT
CVSS 8.8
XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)
by Semen Alexandrovich Lyhin
Cisco Advanced Malware Protection For Endpoints - Denial of Service
A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion.
by hyp3rlinx
CVSS 5.5
By Source