Exploitdb Exploits
50,121 exploits tracked across all sources.
Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass
by LiquidWorm
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
by LiquidWorm
Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS
by LiquidWorm
EmbedThis GoAhead 2.5 - Code Injection
goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.
by Syed Affan Ahmed (ZEROXINN)
CVSS 7.2
RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC
by LiquidWorm
Typora 1.7.4 - Command Injection
Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into the 'run command' input field during PDF export to achieve remote code execution.
by Ahmet Ümit BAYRAM
CVSS 9.8
Atcom 100M IP Phones <2.7.x.x - Command Injection
Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in web_cgi_main.cgi, enabling remote code execution with administrative credentials.
by Mohammed Adel
CVSS 8.8
WEBIGniter 28.7.23 - RCE
WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server.
by nu11secur1ty
Coppermine Gallery 1.6.25 - Authenticated RCE
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.
by Mirabbas Ağalarov
CVSS 8.8
Tinycontrol LAN Controller v3 LK3 <1.58a - Info Disclosure
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication.
by LiquidWorm
Tinycontrol LAN Controller <1.58a - DoS
Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss.
by LiquidWorm
Tinycontrol Lan Controller Firmware < 1.58a - Missing Authorization
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls and modify administrative credentials.
by LiquidWorm
CVSS 9.8
Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)
by Moein Shahabi