Exploitdb Exploits
49,983 exploits tracked across all sources.
Opencart < 3.0.3.2 - XSS
OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.
by Nipun Somani
CVSS 4.8
Craft <2.7.10-3.2.6 - Info Disclosure
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
by Mohammed Abdul Raheem
CVSS 5.3
Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery
by Bhadresh Patel
Alkacon Opencms Apollo Template < 11.0.1 - Path Traversal
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.
by Aetsu
CVSS 4.3
Alkacon Opencms < 11.0.1 - XSS
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
by Aetsu
CVSS 6.1
Alkacon Opencms Apollo Template < 11.0.1 - XSS
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
by Aetsu
CVSS 6.1
Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Metasploit)
by James Bercegay
Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection
by Todor Donev
SQL Server Password Changer 1.90 - Buffer Overflow
SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition.
by Velayutham Selvaraj_ Praveen Thiyagarayam
CVSS 6.2
Easy MP3 Downloader 4.7.8.8 - Buffer Overflow
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition.
by Mohan Ravichandran_ Snazzy Sanoj
CVSS 6.2
YouPHPTube 7.4 - Info Disclosure
In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.
by Damian Ebelties
CVSS 9.8
VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service
by James Chamberlain
VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service
by James Chamberlain
Asus Precision Touchpad - Access Control
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.
by Athanasios Tserpelis
CVSS 9.8
WebAppick WooCommerce Product Feed <2.2.18 - XSS
WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in.
by Damian Ebelties
CVSS 5.4
Sentrifugo 3.2 - XSS
Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.
by creosote
CVSS 5.4
Sentrifugo 3.2 - RCE
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.
by creosote
CVSS 8.8
DomainMOD <4.13 - XSS
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
by Damian Ebelties
CVSS 6.1
Canon PRINT - Info Disclosure
The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key.
by 0x48piraj
CVSS 5.5
Jobberbase 2.0 - SQL Injection
In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection.
by Damian Ebelties
CVSS 9.8
Kartatopia PilusCart <1.4.1 - Info Disclosure
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.
by Damian Ebelties
CVSS 7.5
Apple Icloud < 7.13 - Out-of-Bounds Write
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
By Source