Exploitdb Exploits
50,076 exploits tracked across all sources.
Ricoh Printer Drivers - Local Privilege Escalation via Incorrect Permission Assignment
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version
by pentagrid
CVSS 7.8
Microsoft SharePoint - Remote Code Execution via Application Package Source Markup
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
by Voulnet
CVSS 9.8
ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection
by Ertebat Gostar Co
Adive Framework 2.0.8 - Cross-Site Request Forgery in Admin Config
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
by Sarthak Saini
CVSS 8.8
Adive Framework 2.0.8 - Stored Cross-Site Scripting via User Add Function
Adive Framework 2.0.8 has admin/user/add userName XSS.
by Sarthak Saini
CVSS 6.1
Adive Framework 2.0.8 - Stored Cross-Site Scripting via userUsername Parameter
Adive Framework 2.0.8 has admin/user/add userUsername XSS.
by Sarthak Saini
CVSS 6.1
Easy XML Editor <1.7.8 - XML External Entity Injection
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.
by Javier Olmedo
CVSS 8.1
Sysax Multi Server 5.50 - Denial of Service (PoC)
by Shailesh Kumavat
Centreon Web , 18.10.x , 19.04.x , 19.10.x <2.8.30 <18.10.8 <19.04.5 - Remote Code Execution
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.
by TheCyberGeek
CVSS 7.2
WordPress Time Capsule Plugin 1.21.16 Authentication Bypass
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP_JSON_PREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies and access the WordPress dashboard without providing credentials.
by B. Canavate
CVSS 7.5
Torrent FLV Converter <1.51 Build 117 - Buffer Overflow
Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially execute arbitrary code on vulnerable Windows 32-bit systems.
by antonio
CVSS 9.8
Nsasoft Nsauditor GTalk Password Finder 2.2.1 - Denial of Service via Oversized Registration Key
GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
APKF Product Key Finder <2.5.8.0 - DoS
APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
Trend Micro Maximum Security 2019 - Privilege Escalation
by hyp3rlinx
Trend Micro Maximum Security 2019 - Arbitrary Code Execution
by hyp3rlinx
Poly Plantronics Hub <3.14 - Privilege Escalation
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.
by Metasploit
CVSS 7.8
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
by Raphael Karger
SunOS 5.10 Generic_147148-26 - Local Privilege Escalation
by Marco Ivaldi
Postie < 1.9.40 - Cross-Site Scripting via SVG Element
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.
by V1n1v131r4
CVSS 5.4
Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection
by Fatih Çelik
Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection
by Fatih Çelik
Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection
by Fatih Çelik
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by Dhiraj Mishra
CVSS 9.8
By Source