Exploitdb Exploits
50,076 exploits tracked across all sources.
Livefyre LiveComments 3.0 - Stored Cross-Site Scripting via Uploaded Picture Name
Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture.
by Brij Kishore Mishra
CVSS 6.1
ClassApps SelectSurvey.NET < 4.125.002 - SQL Injection via SurveyID Parameter
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.
by BillV-Lists
Tribulant Slideshow Gallery < 1.4.7 - Authenticated Arbitrary File Upload
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
by Claudio Viviani
Laravel - 'Hash::make()' Password Truncation Security
by Pichaya Morimoto
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
by Daniele Linguaglossa
CVSS 9.8
Railo < 4.2.1.000 - Remote File Inclusion via Thumbnail CFM Request
A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially crafted URL request to thumbnail.cfm that specifies a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.
by Metasploit
CVSS 8.8
ManageEngine EventLog Analyzer 9.0/8.2 - Remote Code Execution via ZIP Traversal
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
by Metasploit
CacheGuard OS 5.7.7 - Cross-Site Request Forgery in Password Admin Interface
Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users.
by William Costa
SolarWinds Storage Manager - Authentication Bypass (Metasploit)
by Metasploit
Briefcase 4.0 iOS - Code Execution / File Inclusion
by Vulnerability-Lab
Aztech DSL5018EN DSL705E DSL705EU - Unauthenticated Remote Command Execution via Session Bypass
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.
by Eric Fajardo
CVSS 9.8
Aztech DSL5018EN DSL705E DSL705EU - Unauthenticated Sensitive Information Exposure via ROM File
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.
by Eric Fajardo
CVSS 9.8
Aztech ADSL DSL5018EN-DSL705EU - DoS
cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request.
by Federick Joe P Fajardo
CVSS 7.5
WordPress Plugin Wordfence Security - Multiple Vulnerabilities
by Voxel@Night
Joomla! Component com_formmaker 3.4 - SQL Injection
by Claudio Viviani
Food Order Portal - 'admin_user_delete.php' Cross-Site Request Forgery
by KnocKout
Joomla! Component Spider Contacts 1.3.6 - 'contacts_id' SQL Injection
by Claudio Viviani
ChatSecure IM 2.2.4 iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab