Exploitdb Exploits
50,083 exploits tracked across all sources.
Smoothwall Express 3.1-SP4 XSS via urlfilter.cgi REDIRECT_PAGE/CHILDREN
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECT_PAGE or CHILDREN parameters to execute arbitrary JavaScript in user browsers.
by Ozer Goker
CVSS 7.2
Smoothwall Express 3.1-SP4-polar-x86_64-update9 - Stored and Reflected Cross-Site Scripting via proxy.cgi Parameters
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submit POST requests with script payloads to store or reflect arbitrary JavaScript code that executes in users' browsers when the proxy configuration page is accessed.
by Ozer Goker
CVSS 6.1
MyBB Ban List Plugin 1.0 - Stored Cross-Site Scripting via Ban Reason Field
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
by 0xB9
CVSS 5.4
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)
by Juan Prescotto
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)
by Juan Prescotto
Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure
by Nathu Nandwani
NUUO NVRmini Firmware - Remote Command Execution via uploaddir Parameter
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
by Metasploit
CVSS 9.8
Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
by Metasploit
CVSS 9.8
AVEVA Software, LLC InduSoft Web Studio <8.1 SP3 & InTouch Edge HMI...
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.
by Jacob Baines
CVSS 7.5
CentOS-WebPanel.com <0.9.8.763 - XSS
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.
by DKM
CVSS 4.8
Evince CBT File Command Injection
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
by Metasploit
CVSS 7.8
Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset
by Adithyan AK
AirDroid < 4.2.1.6 - Denial of Service via sdctl/comm/lite_auth Requests
The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests.
by s4vitar
CVSS 7.5
osCommerce < 2.3.4.1 - Unauthenticated SQL Injection via Currency Parameter
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection payloads to extract sensitive database information.
by Mehmet EMIROGLU
CVSS 8.2
osCommerce 2.3.4.1 - Unauthenticated SQL Injection via products_id Parameter
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id value in product_info.php requests and append boolean-based SQL injection payloads to extract sensitive database information.
by Mehmet EMIROGLU
CVSS 8.2
osCommerce 2.3.4.1 - Unauthenticated SQL Injection via reviews_id Parameter
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL injection payloads to extract sensitive database information.
by Mehmet EMIROGLU
CVSS 8.2
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
by Matteo Malvica
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
by Matteo Malvica
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows
by Google Security Research
Device Monitoring Studio 8.10.00.8925 Denial of Service
Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface.
by Victor Mondragón
CVSS 6.2
River Past Audio Converter 7.7.16 Local Buffer Overflow DoS
River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a large payload of repeated characters into the 'E-Mail and Activation Code' field and click 'Activate' to trigger a denial of service condition.
by Achilles
CVSS 5.5
Devolo dLAN 500 AV Wireless+ <3.1.0-1 - CSRF
Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that trigger unauthorized configuration changes by exploiting predictable URL actions when a logged-in user visits the site.
by sm
CVSS 5.3
By Source