Exploitdb Exploits

31,346 exploits tracked across all sources.

CVE-2018-15982 EXPLOITDB HIGH text
Adobe Flash Player < 31.0.0.153 - Use After Free
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
by smgorelik
CVSS 7.8
EIP-2026-114393 EXPLOITDB text
WSTMart 2.0.8 - Cross-Site Scripting
by linfeng
CVE-2018-19138 EXPLOITDB HIGH text
Wstmart - CSRF
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI.
by linfeng
CVSS 8.8
EIP-2026-117515 EXPLOITDB text
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read
by evil_polar_bear
EIP-2026-117514 EXPLOITDB text
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read
by SandboxEscaper
CVE-2018-8625 EXPLOITDB HIGH text VERIFIED
Internet Explorer <11 - RCE
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
CVE-2018-8619 EXPLOITDB HIGH text VERIFIED
Internet Explorer < - RCE
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
CVE-2018-13045 EXPLOITDB CRITICAL text
Yeswiki Cercopitheque < 2018-06-19-1 - SQL Injection
SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the "id" parameter.
by Mickael BROUTY
CVSS 9.8
CVE-2018-19828 EXPLOITDB MEDIUM text
Artica Integria IMS 5.0.83 - XSS
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
by Javier Olmedo
CVSS 6.1
CVE-2018-19933 EXPLOITDB MEDIUM text
Bolt CMS <3.6.2 - XSS
Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry.
by Raif Berkay Dincel
CVSS 6.1
CVE-2018-1821 EXPLOITDB HIGH text VERIFIED
IBM Operational Decision Manager < 8.6.0.3 - XXE
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170.
by Mohamed M.Fouad
CVSS 7.1
CVE-2018-19861 EXPLOITDB CRITICAL text
MiniShare <1.4.1 - RCE
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued.
by Rafael Pedrero
CVSS 9.8
CVE-2018-19371 EXPLOITDB MEDIUM text
SDL Web 8.5.0 - Info Disclosure
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
by Ahmed Elhady Mohamed
CVSS 6.5
CVE-2018-19862 EXPLOITDB CRITICAL text
MiniShare <1.4.1 - RCE
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued.
by Rafael Pedrero
CVSS 9.8
CVE-2018-20795 EXPLOITDB HIGH text
Tecrail Responsive Filemanager - Path Traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.
by Fariskhi Vidyan
CVSS 7.5
CVE-2018-20794 EXPLOITDB HIGH text
Tecrail Responsive Filemanager - Path Traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.
by Fariskhi Vidyan
CVSS 7.5
CVE-2018-20793 EXPLOITDB HIGH text
Tecrail Responsive Filemanager - Path Traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.
by Fariskhi Vidyan
CVSS 7.5
CVE-2018-20792 EXPLOITDB HIGH text
Tecrail Responsive Filemanager - Path Traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the get_file action in ajax_calls.php.
by Fariskhi Vidyan
CVSS 7.5
CVE-2018-20791 EXPLOITDB MEDIUM text
Tecrail Responsive Filemanager - XSS
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.
by Fariskhi Vidyan
CVSS 6.1
CVE-2018-20790 EXPLOITDB HIGH text
Tecrail Responsive Filemanager - Path Traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.
by Fariskhi Vidyan
CVSS 7.5
CVE-2018-20789 EXPLOITDB HIGH text
Tecrail Responsive Filemanager - Path Traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.
by Fariskhi Vidyan
CVSS 7.5
EIP-2026-107025 EXPLOITDB text
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection
by Ihsan Sencan
EIP-2026-107024 EXPLOITDB text
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
by Ihsan Sencan
EIP-2026-106558 EXPLOITDB text
Double Your Bitcoin Script Automatic - Authentication Bypass
by Veyselxan
CVE-2018-7691 EXPLOITDB MEDIUM text VERIFIED
Micro Focus Fortify SSC <18.10 - RCE
A potential Remote Unauthorized Access vulnerability exists in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. Exploitation could allow Remote Unauthorized Access.
by alt3kx
CVSS 6.5