Exploitdb Exploits

49,989 exploits tracked across all sources.

CVE-2018-4442 EXPLOITDB HIGH javascript VERIFIED
Apple Safari < 12.0.2 - Memory Corruption
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
by Google Security Research
CVSS 8.8
EIP-2026-103502 EXPLOITDB html
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
by Bogdan Kurinnoy
CVE-2015-8612 EXPLOITDB HIGH ruby VERIFIED
Blueman <2.0.3 - Privilege Escalation
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument.
by Metasploit
CVSS 8.4
CVE-2019-6444 EXPLOITDB CRITICAL python VERIFIED
Ntpsec < 1.1.3 - Out-of-Bounds Read
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.
by Magnus Klaaborg Stubman
CVSS 9.1
CVE-2019-6445 EXPLOITDB MEDIUM python VERIFIED
Ntpsec < 1.1.3 - NULL Pointer Dereference
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
by Magnus Klaaborg Stubman
CVSS 6.5
CVE-2019-6443 EXPLOITDB CRITICAL python VERIFIED
Ntpsec < 1.1.3 - Out-of-Bounds Read
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
by Magnus Klaaborg Stubman
CVSS 9.1
CVE-2019-6442 EXPLOITDB MEDIUM python VERIFIED
Ntpsec < 1.1.3 - Out-of-Bounds Write
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
by Magnus Klaaborg Stubman
CVSS 6.5
CVE-2019-6275 EXPLOITDB HIGH text
Gl-inet Gl-ar300m-lite Firmware - Command Injection
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
by Pasquale Turi
CVSS 8.8
CVE-2018-13374 EXPLOITDB MEDIUM python VERIFIED
Fortinet Fortiadc < 5.4.5 - Incorrect Permission Assignment
An Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
by Julio Ureña
CVSS 4.3
CVE-2019-6441 EXPLOITDB CRITICAL html
Coship Rt3050 Firmware - Authentication Bypass
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
by Adithyan AK
CVSS 9.8
CVE-2019-25580 EXPLOITDB HIGH text
ownDMS 4.7 SQL Injection via pdfstream.php imagestream.php
ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the IMG parameter to extract sensitive database information including version and database names.
by Ihsan Sencan
CVSS 8.2
EIP-2026-117583 EXPLOITDB text VERIFIED
Microsoft Windows VCF - Remote Code Execution
by hyp3rlinx
CVE-2018-13042 EXPLOITDB MEDIUM text
1password - Improper Input Validation
The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance.
by Valerio Brussani
CVSS 5.9
CVE-2019-25706 EXPLOITDB HIGH text
Across DR-810 ROM-0 Unauthenticated File Disclosure
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.
by SajjadBnd
CVSS 7.5
CVE-2019-25582 EXPLOITDB MEDIUM text
i-doit CMDB 1.12 Arbitrary File Download via file_manager Parameter
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with file_manager=image and supply arbitrary file paths like src/config.inc.php to retrieve configuration files and sensitive system data.
by Ihsan Sencan
CVSS 6.5
CVE-2019-25581 EXPLOITDB HIGH text
i-doit CMDB 1.12 SQL Injection via objGroupID Parameter
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
CVE-2018-17393 EXPLOITDB CRITICAL text VERIFIED
HealthNode Hospital Management System 1.0 - SQL Injection
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17389 EXPLOITDB HIGH text
Live Call Support App 1.5 - CSRF
CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account.
by Ihsan Sencan
CVSS 8.8
CVE-2018-17388 EXPLOITDB CRITICAL text
Twilio WEB To Fax Machine System 1.0 - SQL Injection
SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.
by Ihsan Sencan
CVSS 9.8
CVE-2018-20841 EXPLOITDB CRITICAL ruby
Hootoo Tripmate Titan Ht-tm05 Firmware - OS Command Injection
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.
by Andrei Manole
CVSS 9.8
CVE-2019-25137 EXPLOITDB HIGH python
Umbraco CMS <7.15.10 - Authenticated RCE
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
by Gregory Draperi
CVSS 7.2
CVE-2019-5722 EXPLOITDB CRITICAL text
Portier - SQL Injection
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number.
by SySS GmbH
CVSS 9.8
CVE-2019-0543 EXPLOITDB HIGH text VERIFIED
Microsoft Windows 10 1507 - Authentication Bypass
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8
CVE-2019-0574 EXPLOITDB HIGH text VERIFIED
Windows Data Sharing Service - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573.
by Google Security Research
CVSS 7.8
CVE-2019-0572 EXPLOITDB HIGH text VERIFIED
Windows Data Sharing Service - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0573, CVE-2019-0574.
by Google Security Research
CVSS 7.8