Exploitdb Exploits
49,989 exploits tracked across all sources.
D-Link Central WiFi Manager <1.03r0100-Beta1 - RCE
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.
by Core Security
CVSS 8.8
D-Link Central WiFi Manager <1.03r0100-Beta1 - XSS
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.
by Core Security
CVSS 6.1
D-Link Central WiFi Manager <1.03r0100-Beta1 - RCE
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
by Core Security
CVSS 9.8
D-Link Central WiFi Manager <1.03r0100-Beta1 - XSS
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
by Core Security
CVSS 6.1
Malicious Git HTTP Server For CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
by Junio C Hamano
CVSS 9.8
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)
by cakes
Layerbb - SQL Injection
LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.
by Ihsan Sencan
CVSS 9.8
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) (ASLR Bypass)
by Miguel Mendez Z
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) (ASLR Bypass)
by Miguel Mendez Z
Cisco Prime Infrastructure - Path Traversal
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication.
by SecuriTeam
CVSS 9.8
FTP Voyager 16.2.0 Denial of Service via Malformed Site Profile
FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP field to trigger a buffer overflow that crashes the FTP Voyager process.
by Abdullah Alıç
CVSS 6.2
AirTies Air 5343v2 <1.0.0.18 - XSS
AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
AirTies Air 5442 <1.0.0.18 - XSS
AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
AirTies Air 5021 <1.0.0.18 - XSS
AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
AirTies Air 5750 <1.0.0.18 - XSS
AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
Jimtawl 2.2.7 - SQL Injection
SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.
by Ihsan Sencan
CVSS 9.8
RICOH MP C307 - XSS
On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
by Ismail Tasdelen
CVSS 6.1
RICOH MP C1803 JPN - XSS
On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
by Ismail Tasdelen
CVSS 6.1
AirTies Air 5453 <1.0.0.18 - XSS
AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
OPAC EasyWeb Five <5.7 - SQL Injection
An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter.
by Dino Barlattani
CVSS 9.8
By Source