Exploitdb Exploits
50,076 exploits tracked across all sources.
SolarWinds FTP Voyager 16.2.0 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml.
by hyp3rlinx
CVSS 8.8
Kinsey Infor-Lawson - SQL Injection via TABLE or QUERY Parameter
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.
by Michael Benich
CVSS 9.8
dnaTools dnaLIMS 4-2015s13 - Session Hijacking via UID Parameter Guessing
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
by Shorebreak Security
CVSS 8.8
WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download
Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the intended directory.
by Ihsan Sencan
CVSS 7.5
WordPress Plugin PICA Photo Gallery 1.0 SQL Injection
WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract sensitive database information including user credentials and table contents.
by Ihsan Sencan
CVSS 8.2
WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download
Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside the intended plugin directory.
by Ihsan Sencan
CVSS 7.5
WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection
Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive database information including user credentials and authentication hashes.
by Ihsan Sencan
CVSS 8.2
Drupal 7.x Module Services - Remote Code Execution
by Charles Fol
Sagemcom Livebox 3 SG30_sip-fr-5.15.8.1 - Denial of Service via IPv6 Routing Table Exhaustion
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, resulting in a denial-of-service condition for telephone, Internet, and TV services.
by Quentin Olagne
CVSS 7.5
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
by SEC Consult
By Source