Exploitdb Exploits
50,091 exploits tracked across all sources.
Joomla! Component JoomProject 1.1.3.2 Information Disclosure
Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=com_jpprojects&view=projects&tmpl=component&format=json parameters to retrieve user IDs, names, and email addresses in JSON format.
by Ihsan Sencan
CVSS 7.5
Joomla! Component JoomCRM 1.1.1 SQL Injection via deal_id
Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id parameter. Attackers can send GET requests to index.php with option=com_joomcrm&view=contacts and inject SQL code in the deal_id parameter to extract sensitive database information including table names and schemas.
by Ihsan Sencan
CVSS 7.1
Blob Studio 2.17 Denial of Service via Malformed Input
Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive.
by Ihsan Sencan
CVSS 6.2
Liquid Studio 2.17 Denial of Service via Malformed Input
Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally.
by Ihsan Sencan
CVSS 6.2
Luminance Studio 2.17 Denial of Service via Malformed Input
Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input, causing the application to become unresponsive or terminate abnormally.
by Ihsan Sencan
CVSS 6.2
Paint Studio 2.17 Denial of Service via Malformed Input
Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read it, causing the application to crash and become unavailable.
by Ihsan Sencan
CVSS 6.2
Pixel Studio 2.17 Denial of Service via Malformed Input
Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters, causing the application to become unresponsive or terminate abnormally.
by Ihsan Sencan
CVSS 6.2
Tree Studio 2.17 Denial of Service via Malformed Input
Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally.
by Ihsan Sencan
CVSS 6.2
Adapt Inventory Management System 1.0 - SQL Injection
by Ihsan Sencan
OpenSSH < 7.9 - Arbitrary File Write via Malicious SCP Server
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
by Harry Sintonen
CVSS 5.9
RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.
by bzyo
CVSS 8.4
eBrigade ERP 4.5 SQL Injection via pdf.php
eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details.
by Ihsan Sencan
CVSS 7.1
PEAR Archive_Tar <1.4.3 - Code Injection
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.
by Fariskhi Vidyan
CVSS 8.8
Matrix MLM Script 1.0 - Information Disclosure
by Ihsan Sencan
ebrigade < 4.5 - Arbitrary File Download via showfile.php File Parameter
eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.
by AkkuS
CVSS 4.3
By Source