Exploitdb Exploits

49,983 exploits tracked across all sources.

CVE-2019-11600 EXPLOITDB HIGH text VERIFIED
OpenProject <8.3.2 - SQL Injection
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.
by SEC Consult
CVSS 8.1
EIP-2026-103501 EXPLOITDB html VERIFIED
Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write
by Google Security Research
CVE-2019-25592 EXPLOITDB MEDIUM python
PHPRunner 10.1 Denial of Service via Dashboard Name Field
PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application crash.
by Victor Mondragón
CVSS 6.2
CVE-2019-25594 EXPLOITDB MEDIUM python
ASPRunner.NET 10.1 Denial of Service via Table Name Field
ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table creation to trigger an application crash.
by Victor Mondragón
CVSS 6.2
CVE-2019-25593 EXPLOITDB MEDIUM python
jetCast Server 2.0 Denial of Service via Log Directory
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to trigger a crash that terminates the server process.
by Victor Mondragón
CVSS 5.5
CVE-2019-25559 EXPLOITDB MEDIUM python
SpotPaltalk 1.1.5 Name/Key Field Denial of Service
SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a crash when the OK button is clicked.
by Alejandra Sánchez
CVSS 5.5
EIP-2026-116317 EXPLOITDB python
SpotIM 2.2 - Denial of Service (PoC)
by Alejandra Sánchez
EIP-2026-116316 EXPLOITDB python
SpotIM 2.2 - Denial of Service (PoC)
by Alejandra Sánchez
CVE-2019-7442 EXPLOITDB CRITICAL text
CyberArk Enterprise Password Vault <=10.7 - XXE
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
by Marcelo Toran
CVSS 9.8
CVE-2019-7652 EXPLOITDB HIGH text VERIFIED
TheHive Project UnshortenLink analyzer <1.1 - SSRF
TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be seen in the main dashboard. Thus, it is possible to do port scans on localhost and intranet hosts.
by Alexandre Basquin
CVSS 7.7
EIP-2026-102479 EXPLOITDB text
dotCMS 5.1.1 - HTML Injection
by Ismail Tasdelen
EIP-2026-101957 EXPLOITDB text
RICOH SP 4520DN Printer - HTML Injection
by Ismail Tasdelen
EIP-2026-101955 EXPLOITDB text
RICOH SP 4510DN Printer - HTML Injection
by Ismail Tasdelen
CVE-2019-25562 EXPLOITDB MEDIUM python
jetAudio 8.1.7 Denial of Service via File Naming Buffer Overflow
jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parameter and trigger the crash by clicking the Preview button, causing a denial of service.
by Alejandra Sánchez
CVSS 5.5
CVE-2019-25561 EXPLOITDB MEDIUM python
Lyric Maker 2.0.1.0 Denial of Service via Buffer Overflow
Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Attackers can paste a 5000-byte buffer into the Title input field and save the file to trigger a denial of service condition.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25560 EXPLOITDB HIGH python
Lyric Video Creator 2.1 Denial of Service via MP3 File
Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality.
by Alejandra Sánchez
CVSS 7.5
CVE-2018-20485 EXPLOITDB MEDIUM text
Zohocorp ManageEngine ADSelfService Plus - XSS
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
by Ibrahim Raafat
CVSS 6.1
CVE-2019-25611 EXPLOITDB HIGH text
MiniFtp parseconf_load_setting Buffer Overflow via Configuration
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges.
by strider
CVSS 8.4
CVE-2019-25610 EXPLOITDB MEDIUM text
NetNumber Titan Master 7.9.1 Path Traversal via drp
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to bypass authorization and retrieve sensitive system files like /etc/shadow.
by MobileNetworkSecurity
CVSS 6.5
CVE-2019-25595 EXPLOITDB MEDIUM python
jetAudio 8.1.7.20702 Basic Denial of Service via URL Handler
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally.
by Victor Mondragón
CVSS 6.2
CVE-2019-5786 EXPLOITDB MEDIUM ruby VERIFIED
Google Chrome < 72.0.3626.121 - Use After Free
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
by Metasploit
CVSS 6.5
CVE-2017-1274 EXPLOITDB HIGH python
IBM Domino - Memory Corruption
IBM Domino 8.5.3 and 9.0 are vulnerable to a stack-based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.
by Charles Truscott
CVSS 8.8
CVE-2019-9193 EXPLOITDB HIGH ruby VERIFIED
PostgreSQL < 11.2 - OS Command Injection
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
by Metasploit
CVSS 7.2
CVE-2019-2725 EXPLOITDB CRITICAL ruby VERIFIED
Oracle Agile PLM < 5.2.36 - Injection
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Metasploit
CVSS 9.8
CVE-2019-25613 EXPLOITDB HIGH python
Easy Chat Server 3.1 Denial of Service via message Parameter
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.
by Miguel Mendez Z
CVSS 7.5