Exploitdb Exploits
31,364 exploits tracked across all sources.
Joomla! - SQL Injection
SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.
by Ihsan Sencan
CVSS 9.8
Article Factory Manager 4.3.9 - SQL Injection
SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter.
by Ihsan Sencan
CVSS 9.8
AlphaIndex Dictionaries <1.0 - SQL Injection
SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.
by Ihsan Sencan
CVSS 9.8
RICOH MP C6503 Plus Printer - Cross-Site Scripting
by Ismail Tasdelen
Auction Factory 4.5.5 - SQL Injection
SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
Micro Deal Factory 2.4.0 - SQL Injection
SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/.
by Ihsan Sencan
CVSS 9.8
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-14014. Reason: This candidate is a reservation duplicate of CVE-2020-14014. Notes: All CVE users should reference CVE-2020-14014 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
by Renzi
MyBB <1.8.19 - XSS
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
by Numan OZDEMIR
CVSS 5.4
CWJoomla <2.0.7, <1.0.6 - SQL Injection
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
by Haboob Team
CVSS 9.8
RICOH Aficio MP 301 Printer - Cross-Site Scripting
by Ismail Tasdelen
Google Chrome < 69.0.3497.81 - Out-of-Bounds Write
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
by Google Security Research
CVSS 8.8
Google Chrome < 69.0.3497.81 - Out-of-Bounds Read
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
by Google Security Research
CVSS 8.8
Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection
by Simon Brannstrom
Windows Kernel API - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8
Windows - Privilege Escalation
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 3.3
Wechat Broadcast < 1.2.0 - Path Traversal
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
by Manuel García Cárdenas
CVSS 9.8
Localize My Post - Path Traversal
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
by Manuel García Cárdenas
CVSS 7.5
Roundcube rcfilters <2.1.6 - XSS
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).
by Fahimeh Rezaei
CVSS 5.4
Ubisoft Uplay - Improper Input Validation
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process.
by Che-Chun Kuo
CVSS 8.8
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.
by Larry W. Cashdollar
CVSS 4.8