Exploitdb Exploits
50,076 exploits tracked across all sources.
WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated
WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to create malicious PHP files in the file_manager directory and execute them on the server.
by Milad karimi
CVSS 7.5
PHPGurukul Rail Pass Management System 1.0 - SQL Injection
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. It affects an unknown function of the file /download-pass.php, where manipulation of the searchdata argument leads to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.
by yozgatalperen1
CVSS 7.3
Online Nurse Hiring System 1.0 - Time-Based SQL Injection
by yozgatalperen1
Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)
by Furkan ÖZER
GYM MS - GYM Management System - Cross Site Scripting (Stored)
by yozgatalperen1
Curfew e-Pass Management System 1.0 - FromDate SQL Injection
by Puja Dey
Clinic's Patient Management System 1.0 - Unauthenticated RCE
by Oğulcan Hami Gül
Milesight Routers UR5X_ UR32L_ UR32_ UR35_ UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption
by Bipin Jitiya
PCMan FTP Server 2.0 - Stack-based Buffer Overflow via PWD Command
PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access.
by Waqas Ahmed Faroouqi
CVSS 9.8
Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)
by whiteOwl
TP-Link TL-WR740N - UnAuthenticated Directory Transversal
by Syed Affan Ahmed (ZEROXINN)
TP-LINK TL-WR740N - Multiple HTML Injection
by Shujaat Amin (ZEROXINN)
Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal
by LiquidWorm
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution
by LiquidWorm
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure
by LiquidWorm
Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass
by LiquidWorm
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
by LiquidWorm
Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS
by LiquidWorm
EmbedThis GoAhead 2.5 - Code Injection
goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.
by Syed Affan Ahmed (ZEROXINN)
CVSS 7.2