Exploitdb Exploits
50,076 exploits tracked across all sources.
Microsoft Internet Explorer 11 32-bit - Use-After-Free
by Forrest Orr
AMD Fuel Service - 'Fuel.service' Unquote Service Path
by Hector Gerbacio
WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection
by Erik David Martin
WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection
by Erik David Martin
WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities
by Erik David Martin
WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities
by Erik David Martin
SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS
by LiquidWorm
Jenzabar 9.2.0-9.2.2 - Cross-Site Scripting via Search Query Parameter
Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
by y0ung_dst
CVSS 6.1
SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution
by LiquidWorm
SmartFoxServer 2X 2.17.0 - Credentials Disclosure
by LiquidWorm
PhreeBooks 5.2.3 - Authenticated RCE
PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.
by Kr0ff
CVSS 8.8
LiteSpeed Web Server Enterprise 5.4.11 - Command Injection
LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path traversal and bash command injection.
by SunCSR
CVSS 8.8
PHPGurukul Car Rental Project 2.0 - Remote Shell Upload via changeimage1.php
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.
by Jannick Tiger
CVSS 9.8
Pixelimity 1.0 - Cross-Site Request Forgery via Admin Setting Password Parameter
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
by Noth
CVSS 6.8
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
by nu11secur1ty
CVSS 7.8
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
by West Shepherd
CVSS 7.8
PHPGurukul Student Record System 4.0 - SQL Injection via edit-course.php cid Parameter
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.
by Jannick Tiger
CVSS 8.8
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
by Marco Ivaldi
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
by Marco Ivaldi
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
by Marco Ivaldi
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
by Marco Ivaldi
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)
by Marco Ivaldi
bloofoxCMS 0.5.2.1 Cross-Site Request Forgery via user add
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts with arbitrary credentials without requiring explicit user consent.
by LiPeiYi
CVSS 5.3
ICREM H8 SSRMS - Insecure Direct Object Reference via Print Invoice Functionality
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality.
by Mohammed Farhan
CVSS 6.5