Exploitdb Exploits
50,095 exploits tracked across all sources.
PHP-SHOP 1.0 Cross-Site Request Forgery via users.php
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST requests to the users.php endpoint with parameters like name, email, password, and permissions set to admin to create unauthorized admin accounts.
by Alireza Norkazemi
CVSS 5.3
OwnTicket 2018-05-23 - SQL Injection via showTicketId or editTicketStatusId Parameter
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.
by Ihsan Sencan
CVSS 9.8
libssh Authentication Bypass Scanner
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
by Dayanç Soyadlı
CVSS 9.1
FLIR AX8 Thermal Camera 1.32.16 - Auth Bypass
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and password combinations.
by LiquidWorm
CVSS 9.8
Any Sound Recorder 2.93 - Buffer Overflow (SEH)
by Abdullah Alıç
Any Sound Recorder 2.93 - Buffer Overflow (SEH)
by Abdullah Alıç
Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
Time and Expense Management System 3.0 - 'table' SQL Injection
by Ihsan Sencan
BigTree CMS 4.2.23 - Stored Cross-Site Scripting in Image Upload Area
In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).
by Ismail Tasdelen
CVSS 6.1
TP-Link TL-SC3130 1.6.18P12_121101 - Unauthenticated Exposure of Sensitive Information via RTSP Stream
TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI.
by LiquidWorm
CVSS 7.5
Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values from HTML form fields to gain administrative access to the thermostat.
by d0wnp0ur
CVSS 7.5
Kados R10 GreenBee SQL Injection via update_feature.php
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of boards_buttons/update_feature.php. The feature_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.
by Ihsan Sencan
CVSS 8.2
Kados R10 GreenBee SQL Injection via update_release.php
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of boards_buttons/update_release.php. The release_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.
by Ihsan Sencan
CVSS 8.2
Navigate CMS 2.8.5 Path Traversal via navigate_download.php
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php with path traversal payloads ../../../cfg/globals.php to access sensitive configuration files and system files outside the intended directory.
by Ihsan Sencan
CVSS 6.5
Oracle Sun Systems Products Suite 11 - Privilege Escalation
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
by Metasploit
CVSS 5.3
Oracle Sun Systems Products Suite Kernel - Takeover
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
by Metasploit
CVSS 7.8
Linux Kernel <4.11.5 - Memory Corruption
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
by Metasploit
CVSS 7.4
Debian Linux < 2.2.8 - Use After Free
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
by Metasploit
CVSS 8.0
Windows NTFS - Elevation of Privilege via Improper Access Check
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8
Solaris RSH Stack Clash Privilege Escalation
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
by Metasploit
CVSS 5.3
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
by Ismail Tasdelen
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
by Ihsan Sencan
MV Video Sharing Software 1.2 - 'searchname' SQL Injection
by Ihsan Sencan
By Source