Exploitdb Exploits
31,329 exploits tracked across all sources.
Linux Kernel - Access Control
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.
by Roee Hay
CVSS 7.8
Progress Sitefinity CMS <10.1 - XSS
Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages Parameter : Image Title, /Content/links Parameter : Link Title, /Content/links Parameter : Link Title, or /Content/Videos/LibraryVideos/default-video-library Parameter : Video Title.
by Pralhad Chaskar
CVSS 6.1
Huge-IT Video Gallery v1.0.9 - SQL Injection
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
by Larry W. Cashdollar
CVSS 9.8
Huge-IT Catalog <1.0.7 - SQL Injection
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla
by Larry W. Cashdollar
CVSS 9.8
Huge-IT Portfolio Gallery Plugin <1.0.6 - SQL Injection
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
by Larry W. Cashdollar
CVSS 9.8
Rapid7 Metasploit < 4.14.1 - CSRF
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
by Dhiraj Mishra
CVSS 6.5
Joomla! Component Joomanager 2.0.0 - 'com_Joomanager' Arbitrary File Download (PoC)
by Ihsan Sencan
User Login and Management - Multiple Vulnerabilities
by Ali BawazeEer
Dlink Dir-600 B1 Firmware - Path Traversal
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
by Jithin D Kurup
CVSS 9.8
WYSIWYG HTML Editor PRO 1.0 - Arbitrary File Download
by Ihsan Sencan
Schools Alert Management Script - Authentication Bypass
by Ali BawazeEer
PHP Appointment Booking Script - Authentication Bypass
by Ali BawazeEer
Login-Reg Members Management PHP 1.0 - Arbitrary File Upload
by Ihsan Sencan
NethServer 7.3.1611 - Cross-Site Request Forgery / Cross-Site Scripting
by LiquidWorm
By Source