Exploitdb Exploits

31,364 exploits tracked across all sources.

EIP-2026-105482 EXPLOITDB text
Binary MLM Software 1.0 - 'pid' SQL Injection
by Ihsan Sencan
EIP-2026-102402 EXPLOITDB text
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
by Ismail Tasdelen
EIP-2026-101566 EXPLOITDB text VERIFIED
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
by cakes
CVE-2018-17776 EXPLOITDB HIGH text VERIFIED
PCProtect Anti-Virus <4.8.35 - Privilege Escalation
PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
by Hashim Jawad
CVSS 7.8
CVE-2018-8463 EXPLOITDB HIGH text VERIFIED
Microsoft Edge - Privilege Escalation
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469.
by Google Security Research
CVSS 7.4
CVE-2018-8468 EXPLOITDB MEDIUM text VERIFIED
Windows - Privilege Escalation
An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 4.7
CVE-2018-16659 EXPLOITDB CRITICAL text
Rausoft ID.prove <2.95 - SQL Injection
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for further privilege elevation.
by Ilya Timchenko
CVSS 9.8
EIP-2026-119383 EXPLOITDB text
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection
by Sureshbabu Narvaneni
CVE-2018-8469 EXPLOITDB HIGH text VERIFIED
Microsoft Edge - Privilege Escalation
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8463.
by Google Security Research
CVSS 7.4
CVE-2018-14327 EXPLOITDB HIGH text
Alcatel OSPREY3_MINI - Privilege Escalation
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.
by Osanda Malith Jayathissa
CVSS 7.8
EIP-2026-102403 EXPLOITDB text
ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting
by Ismail Tasdelen
CVE-2018-17182 EXPLOITDB HIGH text VERIFIED
Linux kernel <4.18.8 - Use After Free
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
by Google Security Research
CVSS 7.8
CVE-2018-17381 EXPLOITDB CRITICAL text
Dutch Auction Factory 2.0.2 - SQL Injection
SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17391 EXPLOITDB CRITICAL text VERIFIED
Super Cms Blog Pro 1.0 - SQL Injection
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17394 EXPLOITDB CRITICAL text
Joomla! Timetable Schedule <3.6.8 - SQL Injection
SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17384 EXPLOITDB CRITICAL text VERIFIED
Swap Factory 2.2.1 - SQL Injection
SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17385 EXPLOITDB CRITICAL text VERIFIED
Social Factory 3.8.3 - SQL Injection
SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17376 EXPLOITDB CRITICAL text VERIFIED
Joomla! Reverse Auction Factory 4.3.8 - SQL Injection
SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter.
by Ihsan Sencan
CVSS 9.8
EIP-2026-108847 EXPLOITDB text
Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection
by AkkuS
CVE-2018-17379 EXPLOITDB CRITICAL text VERIFIED
Raffle Factory 3.5.2 - SQL Injection
SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17377 EXPLOITDB CRITICAL text
Joomla! 1.4.3 - SQL Injection
SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17378 EXPLOITDB CRITICAL text VERIFIED
Penny Auction Factory 2.0.4 - SQL Injection
SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17375 EXPLOITDB CRITICAL text VERIFIED
Music Collection 3.0.3 - SQL Injection
SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17382 EXPLOITDB CRITICAL text VERIFIED
Jobs Factory 2.0.4 - SQL Injection
SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter.
by Ihsan Sencan
CVSS 9.8
EIP-2026-108646 EXPLOITDB text
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
by AkkuS