Exploitdb Exploits
50,076 exploits tracked across all sources.
Online Art Gallery Project 1.0 - Unauthenticated Arbitrary File Upload via adminHome.php
Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.
by Ramil Mustafayev
CVSS 9.8
Anevia Flamingo XL 3.2.9 - OS Command Injection via Traceroute Command
Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the restricted login environment.
by LiquidWorm
CVSS 10.0
Textpattern CMS 4.8.8 - Authenticated Stored Cross-Site Scripting in Article Excerpt Field
Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users.
by tmrswrr
CVSS 5.4
projectSend r1605 - Authenticated Stored Cross-Site Scripting via Custom Assets Page
projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users load the affected page, enabling persistent script injection.
by Mirabbas Ağalarov
CVSS 4.8
ProjectSend r1605 - Authenticated CSV Injection via User Profile Name Field
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators export action logs as CSV files.
by Mirabbas Ağalarov
CVSS 8.0
Xoops CMS 2.5.10 - Stored Cross-Site Scripting via Image Manager Category Name Field
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.
by tmrswrr
CVSS 9.0
pyLoad js2py Python Execution
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
by Gabriel Lima
CVSS 9.8
Online Thesis Archiving System v1.0 - Multiple-SQLi
by nu11secur1ty
Anevia Flamingo XS 3.6.5 - Authenticated Root Remote Code Execution
by LiquidWorm
Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution
by LiquidWorm
Online Examination System Project 1.0 - CSRF
The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data.
by Ramil Mustafayev
CVSS 6.5
PHPGurukul Teachers Record Management System 1.0 - Unrestricted Upload
A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176.
by AFFAN AHMED
CVSS 6.3
SourceCodester Sales Tracker Management System 1.0 - XSS
A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231164.
by AFFAN AHMED
CVSS 2.4
Workreap < 2.2.2 - Unauthenticated Arbitrary File Upload via AJAX Temp File Uploader
The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
by Mohammad Hossein Khanaki
CVSS 9.8
Thruk < 3.06.2 - Path Traversal via Panorama Location Parameter
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
by Galoget Latorre
CVSS 6.5
USB Flash Drives Control 4.1.0.0 - Code Injection
USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious executables and escalate privileges on Windows systems.
by Jeffrey Bencteux
CVSS 6.2
CMS Tree Page View <= 1.6.7 - Unauthenticated Reflected Cross-Site Scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Christopher CMS Tree Page View plugin <= 1.6.7 versions.
by LEE SE HYOUNG
CVSS 7.1
MotoCMS 3.4.3 - SQL Injection via Search Keyword Parameter
SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.
by tmrswrr
CVSS 9.8
Total CMS 1.7.4 - Unauthenticated Arbitrary File Upload via Edit Page Function
File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function.
by tmrswrr
CVSS 8.8
Barebones CMS 2.0.2 - Authenticated Stored Cross-Site Scripting
The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel.
by tmrswrr
CVSS 5.4
WordPress File Manager Advanced Shortcode <2.3.2 - RCE
The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.
by Mateus Machado Tesser
CVSS 9.8
Sourcecodester Enrollment System Project V1.0 - SQL Injection
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.
by VIVEK CHOUDHARY
CVSS 9.8
STARFACE < 7.3.0.10 - Authentication Bypass via Password Hash
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.
by RedTeam Pentesting GmbH
CVSS 8.1
By Source