Exploitdb Exploits
31,346 exploits tracked across all sources.
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
by Google Security Research
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
by Google Security Research
Owndms Ownticket - SQL Injection
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.
by Ihsan Sencan
CVSS 9.8
PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)
by Alireza Norkazemi
FLIR AX8 Thermal Camera 1.32.16 - Auth Bypass
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and password combinations.
by LiquidWorm
CVSS 9.8
Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
Time and Expense Management System 3.0 - 'table' SQL Injection
by Ihsan Sencan
Bigtreecms Bigtree Cms - XSS
In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).
by Ismail Tasdelen
CVSS 6.1
Tp-link Tl-sc3130 Firmware - Information Disclosure
TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI.
by LiquidWorm
CVSS 7.5
Windows - Privilege Escalation
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
by Ismail Tasdelen
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
by Ihsan Sencan
MV Video Sharing Software 1.2 - 'searchname' SQL Injection
by Ihsan Sencan
GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
by Ihsan Sencan
Coderpixel Advanced Hrm - Unrestricted File Upload
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
by Renos Nikolaou
CVSS 8.8
Webpanel - Path Traversal
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.
by seccops
CVSS 7.5
Webpanel - OS Command Injection
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.
by seccops
CVSS 9.8
Alchemy-cms Alchemy Cms - XSS
A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected as unauthorized."
by Ismail Tasdelen
CVSS 6.1