Exploitdb Exploits
31,392 exploits tracked across all sources.
Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection
by Hamed Izadi
BookingWizz Booking System < 5.5 - Multiple Vulnerabilities
by Mehmet Ince
Google Chrome - GPU Process MailboxManagerImpl Double-Read
by Google Security Research
Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities
by LiquidWorm
Joomla! Component com_payplans 3.3.6 - SQL Injection
by Persian Hack Team
Grid Gallery 1.0 - Admin Panel Authentication Bypass
by Ali BawazeEer
FRticket Ticket System - Persistent Cross-Site Scripting
by Hamit Abis
Dream Gallery 2.0 - Admin Panel Authentication Bypass
by Ali BawazeEer
Foxit PDF Reader 1.0.1.0925 - kdu_core::kdu_codestream::get_subsampling Memory Corruption
by Google Security Research
Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Memory Corruption
by Google Security Research
Foxit PDF Reader 1.0.1.0925 - CPDF_DIBSource::TranslateScanline24bpp Out-of-Bounds Read
by Google Security Research
Foxit PDF Reader 1.0.1.0925 - CFX_WideString::operator= Invalid Read
by Google Security Research
Foxit PDF Reader 1.0.1.0925 - CFX_BaseSegmentedArray::IterateIndex Memory Corruption
by Google Security Research
Matrix42 Remote Control Host 3.20.0031 Unquoted Path Privilege Escalation
Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files directory with a crafted name to be executed by the service during startup, gaining elevated privileges.
by Roland C. Redl
CVSS 7.8
Riot Games League of Legends - Insecure File Permissions Privilege Escalation
by Cyril Vallicari
Android 4.x-5.1.x and 6.x before 2016-06-01 - Privilege Escalation via sdcard Off-by-One Error
Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.
by Google Security Research
CVSS 7.8
Cisco EPC3928 Firmware - Denial of Service via Long LanguageSelect Parameter
goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of Service" issue, aka Bug ID CSCuy28100.
by Patryk Bogdan
CVSS 7.5
Cisco EPC3928 Firmware - Denial of Service via Long h_sortWireless Parameter
goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948.
by Patryk Bogdan
CVSS 7.5
Cisco EPC3928 EDVA 5.5.10, 5.5.11, 5.7.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935.
by Patryk Bogdan
Cisco EPC3928 EDVA 5.5.10/5.5.11/5.7.1 - Unauthenticated Admin Function Execution
Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941.
by Patryk Bogdan
By Source