Exploitdb Exploits
50,076 exploits tracked across all sources.
ManageEngine Desktop Central < 9.0 - Remote Code Execution via File Upload Path Traversal
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
by Metasploit
ManageEngine Desktop Central < 9.0 - Remote Code Execution via File Upload Path Traversal
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
by Metasploit
WordPress Plugin WP Support Plus Responsive Ticket System 2.0 - Multiple Vulnerabilities
by Fikri Fadzil
mpay24 < 1.6 - SQL Injection via TID Parameter
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
by Wireghoul
WordPress Theme Urban City - 'download.php' Arbitrary File Download
by Ashiyane Digital Security Team
WordPress Theme Epic - 'download.php' Arbitrary File Download
by Ashiyane Digital Security Team
WordPress Theme Authentic - 'download.php' Arbitrary File Download
by Ashiyane Digital Security Team
WordPress Theme Antioch - 'download.php' Arbitrary File Download
by Ashiyane Digital Security Team
WordPress Theme Acento - 'view-pdf.php?File' Arbitrary File Download
by alieye
WordPress Plugin Xhanch My Twitter - Cross-Site Request Forgery
by Voxel@Night
WordPress Plugin WP to Twitter - Authentication Bypass
by Voxel@Night
WordPress Plugin W3 Total Cache - 'admin.php' Cross-Site Request Forgery
by Voxel@Night
WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass
by Voxel@Night
WordPress Plugin Bulk Delete Users by Email 1.0 - Cross-Site Request Forgery
by Fikri Fadzil
phpmyfaq < 2.8.13 - CAPTCHA Bypass via Request Replay
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.
by smash
CVSS 5.3
mpay24 < 1.5.1 - Unauthenticated Sensitive Information Exposure via Direct Request to API Log
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
by Wireghoul
Joomla! Component Spider Calendar 3.2.6 - SQL Injection
by Claudio Viviani
By Source