Exploitdb Exploits
49,989 exploits tracked across all sources.
Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection
by Ihsan Sencan
Joomla! Component J-BusinessDirectory 4.9.7 - 'type' SQL Injection
by Ihsan Sencan
Nagios XI - OS Command Injection
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
by Chris Lyne
CVSS 7.8
Microsoft Windows VCF or Contact' File - URL Manipulation-Spoof Arbitrary Code Execution
by Eduardo Braun Prado
Joomla! Component Easy Shop 1.2.3 - Local File Inclusion
by Ihsan Sencan
Echo Mirage 3.1 Stack Buffer Overflow via Rules Action Field
Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a crafted payload exceeding buffer boundaries and paste it into the action field through the Rules dialog to trigger the overflow and overwrite the return address.
by InitD Community
CVSS 8.4
Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile
Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access.
by Joner de Mello Assolin
CVSS 7.1
Kepler Wallpaper Script 1.1 SQL Injection via category
Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to extract database information including usernames, database names, and MySQL version details.
by Ihsan Sencan
CVSS 8.2
PHP Dashboards NEW 5.8 - 'dashID' SQL Injection
by Ihsan Sencan
Labapart Gattlib - Out-of-Bounds Read
GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.
by Dhiraj Mishra
CVSS 8.8
Linux Kernel < 4.16.9 - Information Disclosure
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
by wally0813
CVSS 5.5
7 Tik 1.0.1.0 Denial of Service via Search
7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 7700 characters into the search bar to trigger an application crash.
by 0xB9
CVSS 7.5
Eco Search 1.0.2.0 Denial of Service
Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a search operation.
by 0xB9
CVSS 6.2
FastTube 1.0.1.0 Denial of Service via Search
FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search operation is executed.
by 0xB9
CVSS 6.2
One Search 1.1.0.0 Denial of Service
One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar to trigger an unhandled exception that crashes the application.
by 0xB9
CVSS 6.2
VPN Browser+ 1.1.0.0 Denial of Service
VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of characters into the search bar to trigger an unhandled exception that terminates the application.
by 0xB9
CVSS 7.5
Watchr 1.1.0.0 Denial of Service via Search
Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the application to crash.
by 0xB9
CVSS 6.2
phpTransformer 2016.9 Directory Traversal via jQueryFileUpload
phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../../../ to list and retrieve files outside the intended directory.
by Ihsan Sencan
CVSS 7.5
By Source