Exploitdb Exploits
31,364 exploits tracked across all sources.
Ghostscript - Multiple Vulnerabilities
by Google Security Research
Geutebrueck RE Porter 16 Firmware - Information Disclosure
Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003.
by Kamil Suska
CVSS 9.8
Geutebrueck RE Porter 16 Firmware < 7.8.974.20 - XSS
A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005.
by Kamil Suska
CVSS 6.1
Project64 2.3.2 Denial of Service via Plugin Directory
Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 6000-byte payload into the Plugin Directory field through the Options > Settings > Directories interface to trigger an application crash when settings are reopened.
by Gionathan Reale
CVSS 6.2
Ninja Forms <3.3.14.1 - Code Injection
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
by Mostafa Gharzi
CVSS 8.6
Tagregator - XSS
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.
by ManhNho
CVSS 4.8
WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection
by Çlirim Emini
Moderator Log Notes - CSRF
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.
by 0xB9
CVSS 6.5
WordPress <1.1.1 - Code Injection
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.
by Javier Olmedo
CVSS 8.6
Pimcore <5.3.0 - SQL Injection
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
by SEC Consult
CVSS 6.5
Pimcore <5.3.0 - CSRF
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function.
by SEC Consult
CVSS 8.8
OpenEMR <5.0.1.4 - Path Traversal
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
by Joshua Fam
CVSS 6.5
OpenEMR <5.0.1.4 - Path Traversal
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.
by Joshua Fam
CVSS 6.5
Pimcore - XSS
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.
by SEC Consult
CVSS 5.4
OpenEMR <5.0.1.4 - RCE
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory.
by Joshua Fam
CVSS 8.8
WebKit <2.20.3-2.20.1 - Buffer Overflow
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.
by PeregrineX
CVSS 8.8
TP-Link WR840N - Buffer Overflow
TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.
by Aniket Dinda
CVSS 7.5
Asustor Adm < 3.1.2.rhg1 - OS Command Injection
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
by Kyle Lovett
CVSS 9.8
Asustor Data Master - Hard-coded Credentials
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.
by Kyle Lovett
CVSS 9.8
JioFi 4G Hotspot M2S - XSS
JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields.
by Vikas Chaudhary
CVSS 6.5
By Source