Exploitdb Exploits
49,989 exploits tracked across all sources.
Ardawan User Management - XSS
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI.
by Ismail Tasdelen
CVSS 5.4
ProjeQtOr 7.2.5 - RCE
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.
by AkkuS
CVSS 8.8
phptpoint Hospital Management System 1.0 - 'user' SQL injection
by Boumediene KADDOUR
Creativeitem Ekushey Project Manager - XSS
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.
by Ismail Tasdelen
CVSS 5.4
Ajenticp < 1.2.23.13 - XSS
ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.
by Numan OZDEMIR
CVSS 6.1
Oracle WebLogic Server <12.2.1.3 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. An easily exploitable vulnerability allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by allyshka
CVSS 9.8
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via the physical console to escalate their privileges and run arbitrary code with root privileges.
by Hacker Fantastic
CVSS 6.6
Libtiff - Out-of-Bounds Write
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
by Google Security Research
CVSS 8.8
Adult Filter 1.0 - Denial of Service (PoC)
by Beren Kuday GÖRÜN
Pokkho Lango - XSS
LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI.
by Ismail Tasdelen
CVSS 4.8
Exim < 4.90.1 - Buffer Overflow
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. A handcrafted message can trigger a buffer overflow, which can be used to execute code remotely.
by hackk.gr
CVSS 9.8
Apache OFBiz 16.11.04 - XML External Entity Injection
by Jamie Parfet
Axiositalia Registro Elettronico - XSS
In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter.
by Dino Barlattani
CVSS 6.1
ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection
by hyp3rlinx
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
by Ihsan Sencan
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
by hyp3rlinx