Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2024-22318 EXPLOITDB MEDIUM text
IBM i Access Client Solutions <1.1.2-1.1.4, <1.1.4.3-1.1.9.4 - Info...
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
by hyp3rlinx
CVSS 5.1
EIP-2026-112562 EXPLOITDB text
taskhub 2.8.7 - SQL Injection
by CraCkEr
EIP-2026-106081 EXPLOITDB python
comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset
by Diaa Hanna
EIP-2026-104726 EXPLOITDB text
Flashcard Quiz App v1.0 - 'card' SQL Injection
by SoSPiro
EIP-2026-104725 EXPLOITDB text
FAQ Management System v1.0 - 'faq' SQL Injection
by SoSPiro
CVE-2024-25735 EXPLOITDB CRITICAL text
WyreStorm Apollo VX20 - Information Disclosure
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.
by hyp3rlinx
CVSS 9.1
CVE-2024-25734 EXPLOITDB HIGH text
WyreStorm Apollo VX20 Firmware < 1.3.58 - Unauthenticated User Enumeration via TELNET Service
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts.
by hyp3rlinx
CVSS 7.5
CVE-2024-25736 EXPLOITDB HIGH text
WyreStorm Apollo VX20 Firmware < 1.3.58 - Unauthenticated Denial of Service via Reboot Endpoint
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.
by hyp3rlinx
CVSS 7.5
EIP-2026-113309 EXPLOITDB text
WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)
by Sagar Banwa
CVE-2024-58305 EXPLOITDB HIGH python
WonderCMS 4.3.2 - Stored Cross-Site Scripting via Module Installation Endpoint
WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an authenticated administrator into accessing a malicious link.
by Anas Zakir
CVSS 8.8
EIP-2026-119643 EXPLOITDB text
Microsoft Windows Defender Bypass - Detection Mitigation Bypass
by hyp3rlinx
EIP-2026-119642 EXPLOITDB text
Microsoft Windows Defender - VBScript Detection Bypass
by hyp3rlinx
EIP-2026-116586 EXPLOITDB python
XAMPP - Buffer Overflow POC
by Talson
EIP-2026-111056 EXPLOITDB php
phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit
by Egidio Romano
EIP-2026-108090 EXPLOITDB python
JFrog Artifactory < 7.25.4 - Blind SQL Injection
by ardr
EIP-2026-106858 EXPLOITDB text
Employee Management System v1 - 'email' SQL Injection
by SoSPiro
CVE-2023-3897 EXPLOITDB MEDIUM text
SureMDM On-premise <6.31 - Info Disclosure
Username enumeration is possible by bypassing the CAPTCHA in the on-premise SureMDM solution on Windows deployments, which allows an attacker to enumerate local user information via error message. This issue affects SureMDM On-premise version 6.31 and below.
by Jonas Benjamin Friedli
CVSS 4.8
EIP-2026-104434 EXPLOITDB text
SISQUALWFM 7.1.319.103 - Host Header Injection
by Omer Shaik
EIP-2026-103298 EXPLOITDB python
Metabase 0.46.6 - Pre-Auth Remote Code Execution
by Musyoka Ian
EIP-2026-101122 EXPLOITDB python
DS Wireless Communication - Remote Code Execution
by MikeIsAStar
CVE-2023-38965 EXPLOITDB CRITICAL python
Lost and Found Information System 1.0 - Privilege Escalation
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
by Or4nG.M4N
CVSS 9.8
EIP-2026-119393 EXPLOITDB python
ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure
by Metin Yunus Kandemir
EIP-2026-104449 EXPLOITDB text
Splunk 9.0.4 - Information Disclosure
by Parsa Rezaie Khiabanloo
EIP-2026-101108 EXPLOITDB text
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service
by LiquidWorm
CVE-2023-54352 EXPLOITDB CRITICAL python
WP Travel Kit Travelscape - WordPress Seotheme Remote Code Execution Unauthenticated
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access.
by Milad karimi
CVSS 9.8