Exploitdb Exploits

31,329 exploits tracked across all sources.

EIP-2026-112791 EXPLOITDB text VERIFIED
Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery
by hyp3rlinx
CVE-2017-14083 EXPLOITDB HIGH text VERIFIED
Trend Micro OfficeScan 11.0 - Info Disclosure
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
by hyp3rlinx
CVSS 7.5
CVE-2017-14085 EXPLOITDB MEDIUM text VERIFIED
Trend Micro OfficeScan <11.0 - Info Disclosure
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
by hyp3rlinx
CVSS 5.3
CVE-2017-14087 EXPLOITDB HIGH text VERIFIED
Trend Micro OfficeScan XG 12.0 - Host Header Injection
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
by hyp3rlinx
CVSS 7.5
EIP-2026-111706 EXPLOITDB text
Real Estate MLM plan script 1.0 - 'srch' SQL Injection
by 8bitsec
EIP-2026-110733 EXPLOITDB text
PHP Multi Vendor Script 1.02 - 'sid' SQL Injection
by 8bitsec
EIP-2026-106691 EXPLOITDB text
Easy Blog PHP Script 1.3a - 'id' SQL Injection
by 8bitsec
CVE-2017-18378 EXPLOITDB HIGH text
Netgear Readynas Surveillance Firmware < 1.1.4-7 - Command Injection
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
by Kacper Szurek
CVSS 8.4
CVE-2017-14620 EXPLOITDB MEDIUM text
SmarterStats <11.3.6347 - XSS
SmarterStats version 11.3.6347 renders the Referer field of HTTP log files at the URL /Data/Reports/ReferringURLsWithQueries, resulting in stored cross-site scripting.
by sqlhacker
CVSS 6.1
CVE-2017-14844 EXPLOITDB HIGH text
Mojoomla WPGYM <WordPress> - SQL Injection
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14845 EXPLOITDB HIGH text
Mojoomla WPCHURCH < - SQL Injection
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14847 EXPLOITDB HIGH text
Dasinfomedia Mojoomla WPAMS Apartment Management System for WordPress - SQL Injection
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14843 EXPLOITDB HIGH text
Mojoomla School Mgmt - SQL Injection
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14846 EXPLOITDB HIGH text
Mojoomla Hospital Management System for WordPress - SQL Injection
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14840 EXPLOITDB HIGH text
TeamWork TicketPlus - Code Injection
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14842 EXPLOITDB HIGH text
Mojoomla SMSmaster - SQL Injection
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14839 EXPLOITDB HIGH text
TeamWork Photo Fusion - Arbitrary File Upload
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14838 EXPLOITDB HIGH text
TeamWork Job Links - Path Traversal
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14841 EXPLOITDB MEDIUM text
Mojoomla AMC - Arbitrary File Upload
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
by Ihsan Sencan
CVSS 6.5
EIP-2026-103232 EXPLOITDB text
Tiny HTTPd 0.1.0 - Directory Traversal
by Touhid M.Shaikh
CVE-2017-20215 EXPLOITDB HIGH text
FLIR Thermal Camera FC-S/PT <8.0.0.64 - Command Injection
FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system.
by LiquidWorm
CVSS 8.8
CVE-2017-20214 EXPLOITDB HIGH text
FLIR Thermal Camera - Auth Bypass
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.
by LiquidWorm
CVSS 7.5
CVE-2017-20213 EXPLOITDB HIGH text
FLIR Thermal Camera F/FC/PT/D Stream <8.0.0.64 - Info Disclosure
FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.
by LiquidWorm
CVSS 7.5
CVE-2017-20212 EXPLOITDB MEDIUM text
FLIR Thermal Camera F/FC/PT/D <8.0.0.64 - Info Disclosure
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.
by LiquidWorm
CVSS 6.2
CVE-2017-11281 EXPLOITDB CRITICAL text VERIFIED
Adobe Flash Player < 26.0.0.151 - Memory Corruption
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
by Google Security Research
CVSS 9.8