Exploitdb Exploits
50,083 exploits tracked across all sources.
X-NetStat Pro 5.63 Local Buffer Overflow via EggHunter
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and execute the payload when the application processes malicious input through HTTP Client or Rules functionality.
by Peyman Forouzan
CVSS 8.4
Zeeways Jobsite CMS Lastest SQL Injection via id Parameter
Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php with malicious 'id' values using GROUP BY and CASE statements to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Zeeways Matrimony CMS Lastest SQL Injection via profile_list
Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive database information using time-based or error-based techniques.
by Ahmet Ümit BAYRAM
CVSS 8.2
Jettweb PHP Hazir Haber Sitesi Scripti V1 - Auth Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.
by Ahmet Ümit BAYRAM
CVSS 8.2
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to execute time-based SQL injection attacks and extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter to extract sensitive data or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injection to extract sensitive database information or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
Jettweb PHP Hazir Haber Sitesi Scripti V1 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. Attackers can send GET requests to gallery.php with malicious gallery_id values using UNION-based SQL injection to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Jettweb PHP Hazir Haber Sitesi Scripti V3 - Auth Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and 'or' operators as username and password parameters to access the administration panel without valid credentials.
by Ahmet Ümit BAYRAM
CVSS 7.5
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from the database or bypass authentication controls.
by Ahmet Ümit BAYRAM
CVSS 8.2
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information or bypass authentication.
by Ahmet Ümit BAYRAM
CVSS 8.2
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database information or modify database contents.
by Ahmet Ümit BAYRAM
CVSS 8.2
Jettweb PHP Hazir Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-based injection to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Jettweb PHP Hazir Haber Sitesi Scripti V2 - Auth Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface.
by Ahmet Ümit BAYRAM
CVSS 8.2
F5 BIG-IP <13.1.0.3 - Privilege Escalation
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
by Google Security Research
CVSS 7.2
VMware Workstation <15.0.3-14.1.6 - Privilege Escalation
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.
by Google Security Research
CVSS 8.8
Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting
by Ozer Goker
Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting
by Ozer Goker
Inout Article Base CMS Lastest SQL Injection via portalLogin.php
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information or cause denial of service through time-based attacks.
by Ahmet Ümit BAYRAM
CVSS 8.2
Matrimony Website Script M-Plus Multiple SQL Injection
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, and cboCountry across simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, and registration2.php to extract sensitive database information or execute arbitrary SQL commands.
by Ahmet Ümit BAYRAM
CVSS 8.2
Meeplace Business Review Script Lastest SQL Injection via addclick.php
Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id' parameter to extract sensitive database information or cause denial of service.
by Ahmet Ümit BAYRAM
CVSS 7.1
Canonical snapd <2.37.4 - Privilege Escalation
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.
by Google Security Research
CVSS 7.5
Bootstrapy CMS Lastest Multiple SQL Injection via Forum and Contact Modules
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the thread_id parameter of forum-thread.php, the subject parameter of contact-submit.php, the post-id parameter of post-new-submit.php, and the thread-id parameter to extract sensitive database information or cause denial of service.
by Ahmet Ümit BAYRAM
CVSS 8.2
Netartmedia Vlog System Lastest SQL Injection via email Parameter
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten_password module to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
uHotelBooking System - SQL Injection
uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. Attackers can send crafted requests to index.php with malicious system_page values using time-based blind SQL injection techniques to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
By Source