Exploitdb Exploits
50,091 exploits tracked across all sources.
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
by Nawaf Alkeraithe
Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)
by Nawaf Alkeraithe
Advanced Comment System 1.0 - SQL Injection via Page Parameter
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.
by Rafael Pedrero
CVSS 9.8
SwitchVPN 2.1012.03 - Local Privilege Escalation via SUID Binary
A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root.
by Bernd Leitner
CVSS 7.8
Dell OpenManage Network Manager < 6.5.0 - Insecure MySQL File System Access Control
Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.
by KoreLogic
CVSS 6.5
PHP 5.2.3 imap (Debian Based) - 'imap_open' disable_functions Bypass
by Anton Lopanitsyn
ntp 4.2.8p6-4.2.8p10 - Denial of Service via Crafted Mode 6 Packet
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
by Magnus Klaaborg Stubman
CVSS 7.5
Atlassian Jira - (Authenticated) Upload Code Execution (Metasploit)
by Metasploit
Atlassian Jira - (Authenticated) Upload Code Execution (Metasploit)
by Metasploit
Webiness Inventory 2.3 - SQL Injection
Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send POST requests to the WsModelGrid.php endpoint with crafted SQL payloads to extract sensitive database information including usernames, databases, and version details.
by Ihsan Sencan
CVSS 8.2
Tina4 Stack 1.0.3 - Unauthenticated SQL Injection and Database File Download via Menu Endpoint
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries.
by Ihsan Sencan
CVSS 8.2
Tina4 Stack 1.0.3 - Cross-Site Request Forgery via Profile Endpoint
Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user data like passwords and email addresses to update administrator accounts without authentication.
by Ihsan Sencan
CVSS 5.3
Surreal ToDo 0.6.1.2 - Path Traversal
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files like configuration and initialization files.
by Ihsan Sencan
CVSS 6.2
Silurus Classifieds Script 2.0 - SQL Injection
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to extract database table names and sensitive information from the database.
by Ihsan Sencan
CVSS 8.2
Musicco 2.0.0 - Unauthenticated Path Traversal via Parent Parameter
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system directories and download them as ZIP files.
by Ihsan Sencan
CVSS 7.5
Maitra 1.7.2 - Authenticated SQL Injection via Mailid Parameter
Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application directory to extract sensitive mail tracking data and credentials.
by Ihsan Sencan
CVSS 7.1
Gumbo CMS 0.99 - Unauthenticated SQL Injection via Settings Endpoint Language Parameter
Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter to extract sensitive database information including usernames, databases, and version details.
by Ihsan Sencan
CVSS 8.2
rul10 easyndexer 1.0 - Unauthenticated Arbitrary File Download via showtif.php File Parameter
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files.
by Ihsan Sencan
CVSS 7.5
Data Center Audit 2.6.2 - Unauthenticated Cross-Site Request Forgery via dca_resetpw.php
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset to change the admin account password and gain administrative access.
by Ihsan Sencan
CVSS 5.3
Alive Parish 2.0.4 - Unauthenticated SQL Injection and Arbitrary File Upload
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to the images/uploaded directory for remote code execution.
by Ihsan Sencan
CVSS 8.2
Alienor Web Libre 2.0 - SQL Injection
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifiant field to extract sensitive database information including usernames, databases, and version details.
by Ihsan Sencan
CVSS 8.2
ABC ERP 0.6.4 - Cross-Site Request Forgery via _configurar_perfil.php
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to _configurar_perfil.php. Attackers can craft malicious forms or links containing parameters like usuario, contrasena1, contrasena2, nombre, and email to change admin account settings without authentication.
by Ihsan Sencan
CVSS 5.3
Webpanel < 0.9.8.740 - CSRF
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
by InfinitumIT
CVSS 8.8
Control WebPanel < 0.9.8.740 - Cross-Site Request Forgery via SSH Command Execution
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
by InfinitumIT
CVSS 8.8
By Source