Exploitdb Exploits
50,076 exploits tracked across all sources.
Legrand BTicino Driver Manager F454 1.0.51 - CSRF, XSS
Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through unvalidated GET parameters.
by LiquidWorm
CVSS 5.3
Windows - Privilege Escalation in Win32k Component
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.
by Arch-Vile
CVSS 7.8
Selfie Studio 2.17 Denial of Service via Resize Image
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer overflow that crashes the application.
by Alejandra Sánchez
CVSS 6.2
TwistedBrush Pro Studio 24.06 Denial of Service via srp File
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp file containing an excessively large buffer and import it through the Script Player interface to trigger an application crash.
by Alejandra Sánchez
CVSS 6.2
TwistedBrush Pro Studio 24.06 Resize Image Denial of Service
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer overflow that causes the application to crash.
by Alejandra Sánchez
CVSS 6.2
TwistedBrush Pro Studio 24.06 Script Recorder Denial of Service
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer. Attackers can paste a malicious string containing 500,000 characters into the Description field of the Script Recorder dialog to trigger an application crash.
by Alejandra Sánchez
CVSS 6.2
D-Link DWL-2600AP < 4.2.0.15 - Authenticated OS Command Injection via Firmware Upgrade Parameters
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter.
by Raki Ben Hamouda
CVSS 7.8
D-Link DWL-2600AP < 4.2.0.15 - Authenticated OS Command Injection via Save Configuration
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.
by Raki Ben Hamouda
CVSS 7.8
U.motion Builder <1.3.4 - SQL Injection
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
by Julien Ahrens
CVSS 9.8
php-fusion < 9.03.00 - Authenticated Remote Code Execution via Avatar Upload
In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.
by AkkuS
CVSS 8.8
D-Link DWL-2600AP < 4.2.0.15 - Authenticated OS Command Injection via Config Restore
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter.
by Raki Ben Hamouda
CVSS 7.8
DNSS Domain Name Search Software 2.1.8 Denial of Service
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can trigger a denial of service by pasting a malicious registration code containing 300 repeated characters into the Name/Key field via the Register menu option.
by Victor Mondragón
CVSS 6.2
XOOPS CMS 2.5.9 - Unauthenticated SQL Injection via gerar_pdf.php cid Parameter
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerar_pdf.php endpoint with malicious cid values to extract sensitive database information.
by felipe andrian
CVSS 8.2
SOCA Access Control System 180612 - Info Disclosure
SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like Get_Permissions_From_DB.php and Ac10_ReadSortCard.
by LiquidWorm
CVSS 7.5
SOCA Access Control System 180612 - SQL Injection
SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by exploiting injection flaws in Login.php and Card_Edit_GetJson.php.
by LiquidWorm
CVSS 8.2
SOCA Access Control System 180612 - Cross-Site Request Forgery
SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users into visiting a malicious site.
by LiquidWorm
CVSS 5.3
OpenProject 5.0.0-8.3.1 - SQL Injection via Activities API ID Parameter
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.
by SEC Consult
CVSS 8.1
Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write
by Google Security Research
PHPRunner 10.1 Denial of Service via Dashboard Name Field
PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application crash.
by Victor Mondragón
CVSS 6.2
ASPRunner.NET 10.1 Denial of Service via Table Name Field
ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table creation to trigger an application crash.
by Victor Mondragón
CVSS 6.2
By Source