Exploitdb Exploits
50,121 exploits tracked across all sources.
Petrol Pump Mangement Software v.1.0 - XSS
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.
by Shubham Pandey
CVSS 6.1
Petrol Pump Mangement Software <1.0 - SQL Injection
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.
by Shubham Pandey
CVSS 9.8
AC Repair and Services System v1.0 - Multiple SQL Injection
by Gnanaraj Mauviel
A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc
by George Washington
TPC-110W - Missing Authentication for Critical Function
by Amirhossein Bahramizadeh
TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution
by LiquidWorm
Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)
by Alok kumar
GL.iNET GL-AR300M <4.3.7 - Command Injection
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
by cyberaz0r
CVSS 9.8
GL.iNET GL-AR300M <4.3.7 - Path Traversal
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.
by cyberaz0r
CVSS 7.5
GL.iNET GL-AR300M <3.216 - Command Injection
In GL.iNET GL-AR300M routers with firmware 3.216, it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
by cyberaz0r
CVSS 9.8
Dormakaba Saflok System 6000 - Info Disclosure
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation of the card's unique identifier.
by planthopper3301
CVSS 9.8
WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection
by Meryem Taşkın
WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - _Dashboard Redirect_ field Stored Cross-Site Scripting (XSS)
by Rachit Arora
(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]
by Alexys (0x177git)
perl2exe < V30.10C - RCE
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized access.
by decrazyo
dawa-pharma-1.0 - SQL Injection
dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access.
by nu11secur1ty
Zoo Management System v1.0 - File Upload
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
by Çağatay Ceyhan
CVSS 7.2
Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
by Leopoldo Angulo (leoanggal1)
Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin
by Marcin Kozlowski
Automatic-Systems SOC FL9600 FastLine - Directory Transversal
by Marcin Kozlowski