Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-106065 EXPLOITDB text VERIFIED
Color Prediction Game v1.0 - SQL Injection
by Ahmet Ümit BAYRAM
EIP-2026-101267 EXPLOITDB text
EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download
by LiquidWorm
EIP-2026-101266 EXPLOITDB text
EuroTel ETL3100 - Transmitter Default Credentials
by LiquidWorm
EIP-2026-101265 EXPLOITDB text
EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)
by LiquidWorm
CVE-2022-47636 EXPLOITDB HIGH text
OutSystems Service Studio 11 11.53.30 - Uncontrolled Search Path Element via .oml File Handling
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user opens a .oml file (OutSystems Modeling Language), the application loads the following DLLs from the same directory: av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the currently logged-in user.
by shinnai
CVSS 7.8
CVE-2023-1389 EXPLOITDB HIGH python
TP-Link Archer AX21 Firmware < 1.1.4 - Unauthenticated Command Injection via Country Parameter
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
by Voyag3r
CVSS 8.8
CVE-2023-53880 EXPLOITDB MEDIUM text
Lucee 5.4.2.17 - Authenticated Reflected Cross-Site Scripting via Admin Interface Parameters
Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScript in victims' browser sessions.
by Yehia Elghaly
CVE-2023-29689 EXPLOITDB CRITICAL text
PyroCMS 3.9 - Remote Code Execution via Server-Side Template Injection
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.
by Daniel Barros
CVSS 9.8
CVE-2023-4174 EXPLOITDB LOW text VERIFIED
mooSocial mooStore 3.1.6 - Cross-Site Scripting
A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability.
by CraCkEr
CVSS 3.5
EIP-2026-111098 EXPLOITDB text
PHPJabbers Vacation Rental Script 4.0 - CSRF
by Hasan Ali YILDIR
CVE-2023-4173 EXPLOITDB LOW text VERIFIED
mooSocial mooStore 3.1.6 - Cross-Site Scripting via Search Query Parameter
A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208.
by CraCkEr
CVSS 3.5
CVE-2023-37569 EXPLOITDB HIGH bash
ESDS Emagic Data Center Management Suite < 6.0 - Authenticated OS Command Injection via Ping Component
This vulnerability exists in ESDS Emagic Data Center Management Suite due to a lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.
by thewhiteh4t
CVSS 8.8
CVE-2023-4168 EXPLOITDB MEDIUM text
Templatecookie Adlisting 2.14.0 - Information Disclosure in Redirect Handler
A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by CraCkEr
CVSS 4.3
CVE-2023-54360 EXPLOITDB MEDIUM text
Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter
Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, enabling session hijacking or credential theft.
by CraCkEr
CVSS 6.1
CVE-2023-54359 EXPLOITDB HIGH text
WordPress adivaha Travel Plugin 2.3 SQL Injection via pid
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid' values using XOR-based payloads to extract sensitive database information or cause denial of service.
by CraCkEr
CVSS 8.2
CVE-2023-54358 EXPLOITDB MEDIUM text
WordPress adivaha Travel Plugin 2.3 Reflected XSS via isMobile
WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile GET parameter at the /mobile-app/v3/ endpoint to execute arbitrary code in victims' browsers and steal session tokens or credentials.
by CraCkEr
CVSS 6.1
CVE-2025-71179 EXPLOITDB MEDIUM text
Creativeitem Academy LMS 7.0 - Reflected Cross-Site Scripting via Search Parameter
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/course_bundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, which only fixed XSS in query and sort_by parameters to the /academy/home/courses endpoint.
by CraCkEr
CVSS 6.1
CVE-2023-53886 EXPLOITDB HIGH python
Xlight FTP Server 3.9.3.6 - Buffer Overflow
Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition.
by Yehia Elghaly
CVSS 7.5
CVE-2023-53885 EXPLOITDB HIGH text VERIFIED
Webutler 3.2 - Authenticated Remote Code Execution via PHAR File Upload
Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded file.
by Mirabbas Ağalarov
CVSS 7.2
CVE-2023-53884 EXPLOITDB MEDIUM text VERIFIED
Webedition CMS 2.9.8.8 - Authenticated Stored Cross-Site Scripting via SVG Upload
Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users.
by Mirabbas Ağalarov
CVSS 5.4
CVE-2023-53883 EXPLOITDB HIGH text VERIFIED
Webedition CMS <2.9.8.8 - Authenticated RCE
Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server.
by Mirabbas Ağalarov
CVSS 7.2
CVE-2023-53882 EXPLOITDB MEDIUM text
JLex GuestBook 1.6.4 - Reflected Cross-Site Scripting via URL Parameter
JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers.
by CraCkEr
CVE-2023-53881 EXPLOITDB HIGH python
ReyeeOS 1.204.1614 - Man-In-The-Middle
ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exploiting the unprotected HTTP polling requests.
by Riyan Firmansyah of Seclab
CVSS 8.1
CVE-2023-7327 EXPLOITDB HIGH text
Ozeki SMS Gateway <=10.3.208 - Path Traversal
Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service, leading to disclosure of sensitive information.
by Ahmet Ümit BAYRAM
CVE-2023-4596 EXPLOITDB CRITICAL text
Forminator < 1.24.6 - Unauthenticated Arbitrary File Upload via upload_post_image()
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
by Mehmet Kelepçe
CVSS 9.8