Exploitdb Exploits
31,346 exploits tracked across all sources.
Apple Iphone OS < 12.1 - Memory Corruption
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
by Google Security Research
CVSS 9.8
Mz-automation Libiec61850 - Out-of-Bounds Write
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.
by Dhiraj Mishra
CVSS 9.8
Apple Iphone OS < 12.1 - Memory Corruption
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, watchOS 5.1.
by Google Security Research
CVSS 7.8
Microsoft Internet Explorer 11 - Null Pointer Dereference
by LiquidWorm
Voovi Social Networking Script 1.0 - 'user' SQL Injection
by Ihsan Sencan
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
by Ihsan Sencan
qdPM 9.1 SQL Injection via filter_by Parameters
qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filter_by parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filter_by[CommentCreatedFrom] and filter_by[CommentCreatedTo] parameters to execute arbitrary SQL queries and retrieve sensitive data.
by AkkuS
CVSS 8.2
Anviz AIM CrossChex Standard 4.3.6.0 - Code Injection
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
by LiquidWorm
CVSS 9.8
Gate Pass Management System 2.1 - 'login' SQL Injection
by Ihsan Sencan
Microstrategy Web - XSS
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
by Rafael Pedrero
CVSS 6.1
Microstrategy Web - XSS
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
by Rafael Pedrero
CVSS 6.1
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
by Ihsan Sencan
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
by Boumediene KADDOUR