Exploitdb Exploits
50,123 exploits tracked across all sources.
Spip < 3.2.18 - Insecure Deserialization
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
by nuts7
CVSS 9.8
Nokia Asika Airscale Firmware - Hard-coded Credentials
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don't give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities.
by Amirhossein Bahramizadeh
CVSS 6.3
Diafan.cms - XSS
Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search.
by tmrswrr
CVSS 6.1
WordPress <5.4.1 - Info Disclosure
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
by Amirhossein Bahramizadeh
CVSS 6.1
Phpgurukul Student Study Center Management System V1.0 - XSS
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.
by VIVEK CHOUDHARY
CVSS 4.8
Broadcom Symantec SiteMinder WebAgent - Cross-Site Scripting
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
by Harshit Joshi
CVSS 5.4
Online Art Gallery - Unrestricted File Upload
Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.
by Ramil Mustafayev
CVSS 9.8
Ateme Flamingo XL Firmware - OS Command Injection
Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the restricted login environment.
by LiquidWorm
CVSS 10.0
Textpattern CMS 4.8.8 - XSS
Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users.
by tmrswrr
CVSS 5.4
projectSend r1605 - XSS
projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users load the affected page, enabling persistent script injection.
by Mirabbas Ağalarov
CVSS 4.8
ProjectSend r1605 - Code Injection
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators export action logs as CSV files.
by Mirabbas Ağalarov
CVSS 8.0
Xoops CMS <2.5.10 - XSS
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.
by tmrswrr
CVSS 9.0
pyLoad js2py Python Execution
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
by Gabriel Lima
CVSS 9.8
Online Thesis Archiving System v1.0 - Multiple-SQLi
by nu11secur1ty
Anevia Flamingo XS 3.6.5 - Authenticated Root Remote Code Execution
by LiquidWorm
Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution
by LiquidWorm
Online Examination System Project 1.0 - CSRF
The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data.
by Ramil Mustafayev
CVSS 6.5
PHPGurukul Teachers Record Management System 1.0 - Unrestricted Upload
A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176.
by AFFAN AHMED
CVSS 6.3
SourceCodester Sales Tracker Management System 1.0 - XSS
A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164.
by AFFAN AHMED
CVSS 2.4
Amentotech Workreap < 2.2.2 - Unrestricted File Upload
The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
by Mohammad Hossein Khanaki
CVSS 9.8
Thruk <3.06 - Path Traversal
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
by Galoget Latorre
CVSS 6.5
By Source