Exploitdb Exploits
50,076 exploits tracked across all sources.
GetSimple CMS 3.3.16 - Remote Code Execution via Edited File Parameter
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.
by Youssef Muhammad
CVSS 9.8
CiviCRM 5.59.alpha1 - Stored Cross-Site Scripting in Contact Name Fields
A stored cross-site scripting (XSS) vulnerability in the add contact function of CiviCRM 5.59.alpha1 allows attackers to execute arbitrary code in the first/second name field.
by Andrea Intilangelo
CVSS 5.4
ChurchCRM 4.5.4 - Reflected Cross-Site Scripting via Image File
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.
by Rahad Chowdhury
CVSS 4.8
Bludit 3.14.1 - Stored Cross-Site Scripting via SVG Site Logo Upload
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
by Rahad Chowdhury
CVSS 5.4
Best POS Management System v1.0 - Unauthenticated Remote Code Execution
by Mesut Cetin
PaperCut MF and NG 8.0-20.1.7 - Unauthenticated Remote Code Execution via SetupCompleted
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
by MaanVader
CVSS 9.8
FusionInvoice 2023-1.0 - Stored Cross-Site Scripting via Description or Content Fields
A stored cross-site scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0 allows attackers to execute arbitrary code via the description or content fields of the expenses, tasks, and customer details.
by Andrea Intilangelo
CVSS 6.1
Apache Superset Signed Cookie Priv Esc
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.
All Superset installations should always set a unique, secure, random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and to encrypt sensitive information in the database.
Add a strong SECRET_KEY to your `superset_config.py` file like:
`SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>`
Alternatively, you can set it with the `SUPERSET_SECRET_KEY` environment variable.
by MaanVader
CVSS 8.9
Yank Note 3.52.1 - Arbitrary Code Execution via Crafted File
Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process').
by 8bitsec
CVSS 8.8
Gin Markdown Editor 0.7.4 - Code Execution via Crafted File
Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').
by 8bitsec
CVSS 7.8
PnPSCADA - Unauthenticated SQL Injection via hitlogcsv.jsp Endpoint
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT data, alongside other sensitive records like SMS and SMS Logs. The unauthorized database access exposes compromised systems to potential manipulation or breach of essential infrastructure data, highlighting the severity of this vulnerability.
by Momen Eldawakhly
CVSS 9.8
Screen SFT DAB 600/C - Authentication Bypass Account Creation
by LiquidWorm
Optoma 1080PSTX C02 - Unauthenticated Authentication Bypass
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.
by Anthony Cole
CVSS 9.8
TinyWebGallery 2.5 - Authenticated Stored Cross-Site Scripting via Folder Name Parameter
TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected gallery pages.
by Mirabbas Ağalarov
CVSS 5.4
RockMongo 1.1.7 - Stored Cross-Site Scripting via Database, Collection, and Login Parameters
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute arbitrary JavaScript in the victim's browser.
by Rafael Pedrero
CVSS 5.4
Epson Stylus SX510W < 2023-05-13 - Denial of Service via Malformed Query Parameters
The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. A remote attacker can send a malformed request that triggers improper input parsing or memory handling, resulting in the printer process shutting down or powering off, causing a denial of service condition.
by Rafael Pedrero
BigProf Online Clinic Management System 2.2 - XSS
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads.
by Rafael Pedrero
CVSS 6.3
TEM FLEX-1085 1.6.0 - Denial of Service via /sistema/flash/reboot
A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by Mr Empy
CVSS 7.5
EasyPHP Webserver 14.1 - Path Traversal
EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.
by Rafael Pedrero
CVSS 6.5
File Thingie 2.5.7 - Authenticated Arbitrary File Upload via PHP Zip Archive
File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with a command parameter.
by Maurice Fielenbach
CVSS 8.8
EasyPHP Webserver 14.1 - Command Injection
EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send POST requests to /index.php?zone=settings with crafted app_service_control values to execute commands with administrative privileges.
by Rafael Pedrero
CVSS 9.8
Codigo Markdown Editor 1.0.1 - Code Injection
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js child_process module when the file is opened.
by 8bitsec
CVSS 7.8