Exploitdb Exploits
50,121 exploits tracked across all sources.
Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)
by Emir Polat
TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution
by LiquidWorm
Puneethreddyhc Online Shopping System Advanced - SQL Injection
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database information by manipulating the user ID parameter.
by Furkan Gedik
CVSS 7.5
Simple Inventory Management System v1.0 - SQL Injection
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
by SoSPiro
CVSS 9.8
IBM i Access Client Solutions <1.1.2-1.1.4, <1.1.4.3-1.1.9.4 - Info...
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
by hyp3rlinx
CVSS 5.1
comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset
by Diaa Hanna
WyreStorm Apollo VX20 - Information Disclosure
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.
by hyp3rlinx
CVSS 9.1
Wyrestorm Apollo Vx20 Firmware < 1.3.58 - Information Disclosure
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts.
by hyp3rlinx
CVSS 7.5
Wyrestorm Apollo Vx20 Firmware < 1.3.58 - Improper Access Control
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.
by hyp3rlinx
CVSS 7.5
WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)
by Sagar Banwa
WonderCMS 4.3.2 - XSS
WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an authenticated administrator into accessing a malicious link.
by Anas Zakir
CVSS 8.8
Microsoft Windows Defender Bypass - Detection Mitigation Bypass
by hyp3rlinx
phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit
by Egidio Romano
SureMDM On-premise <6.31 - Info Disclosure
Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message.
This issue affects SureMDM On-premise: 6.31 and below version
by Jonas Benjamin Friedli
CVSS 4.8
By Source