Exploitdb Exploits
31,364 exploits tracked across all sources.
CVSS 6.1
procps-ng <3.3.15 - Privilege Escalation
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to heap corruption in the file2strvec function. This allows privilege escalation by a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
by Qualys Corporation
CVSS 7.8
Searchblox - CSRF
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
by Ahmet Gurel
CVSS 8.8
GNU Barcode 0.99 - Buffer Overflow
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.
by LiquidWorm
CVSS 9.8
Sitemakin Slac - SQL Injection
An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection.
by Divya Jain
CVSS 9.8
Changuondyu Advanced Statistics - XSS
An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.
by 0xB9
CVSS 6.1
Nuuo Nvrmini 2 Firmware < 3.6.5 - Unrestricted File Upload
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.
by M3@Pandas
CVSS 9.8
TP-Link TL-WR840N/TL-WR841N <5 - Info Disclosure
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action.
by BlackFog Team
CVSS 9.8
Creatiwity Witycms - XSS
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.
by Nathu Nandwani
CVSS 4.8
Joomla! Component Full Social 1.1.0 - 'search_query' SQL Injection
by L0RD
Domainmod - XSS
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
by longer
CVSS 6.1
Domainmod - XSS
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
by longer
CVSS 5.4
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
by AkkuS
Ingenious School Management System - 'id' SQL Injection
by Meisam Monsef
Clippercms - XSS
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.
by Nathu Nandwani
CVSS 4.8