Exploitdb Exploits
50,076 exploits tracked across all sources.
TPC-110W - Missing Authentication for Critical Function
by Amirhossein Bahramizadeh
TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution
by LiquidWorm
Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)
by Alok kumar
GL.iNET GL-AR300M <4.3.7 - Command Injection
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
by cyberaz0r
CVSS 9.8
GL.iNET GL-AR300M <4.3.7 - Path Traversal
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.
by cyberaz0r
CVSS 7.5
GL.iNET GL-AR300M <3.216 - Command Injection
In GL.iNET GL-AR300M routers with firmware 3.216, it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
by cyberaz0r
CVSS 9.8
Dormakaba Saflok System 6000 - Info Disclosure
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation of the card's unique identifier.
by planthopper3301
CVSS 9.8
WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection
by Meryem Taşkın
WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - _Dashboard Redirect_ field Stored Cross-Site Scripting (XSS)
by Rachit Arora
(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]
by Alexys (0x177git)
perl2exe <= V30.10C - Authenticated Arbitrary Code Execution via Packed Executable Argument
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized access.
by decrazyo
dawa-pharma 1.0-2022 - Unauthenticated SQL Injection via Email Parameter
dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access.
by nu11secur1ty
Zoo Management System v1.0 - File Upload
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
by Çağatay Ceyhan
CVSS 7.2
Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
by Leopoldo Angulo (leoanggal1)
Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin
by Marcin Kozlowski
Automatic-Systems SOC FL9600 FastLine - Directory Transversal
by Marcin Kozlowski
Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)
by Emir Polat
TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution
by LiquidWorm
Online Shopping System Advanced 1.0 - SQL Injection via Payment Success Parameter
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can send crafted SQL queries that manipulate the user ID parameter to retrieve sensitive database information.
by Furkan Gedik
CVSS 7.5
Simple Inventory Management System v1.0 - SQL Injection
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
by SoSPiro
CVSS 9.8