Exploitdb Exploits
49,989 exploits tracked across all sources.
SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
by Alejandra Sánchez
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
by Kaimi
Tourism Website Blog - Remote Code Execution / SQL Injection
by Ihsan Sencan
Prestashop < 1.6.1.23 - Unrestricted File Upload
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.
by Fariskhi Vidyan
CVSS 9.8
DomainMOD <4.11.01 - XSS
DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.
by Mohammed Abdul Raheem
CVSS 4.8
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
by Ihsan Sencan
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
by Ihsan Sencan
Adobe Coldfusion - Unrestricted File Upload
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
by Vahagn Vardanyan
CVSS 9.8
Apple Iphone OS < 12.1.1 - Improper Input Validation
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
by Google Security Research
CVSS 7.8
ZTE Zxhn H168n Firmware - Authentication Bypass
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.
by Usman Saeed
CVSS 6.5
Tp-link Archer C1200 Firmware - XSS
TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.
by Usman Saeed
CVSS 6.1
Huawei B315s-22 <21.318.01.00.26 - Info Disclosure
Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information.
by Usman Saeed
CVSS 6.5
Kubernetes <1.10.11-1.12.3 - SSRF
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
by evict
CVSS 9.8
Kubernetes <1.10.11-1.12.3 - SSRF
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
by evict
CVSS 9.8
Textpad 8.1.2 Denial of Service via Run Command
Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attackers can paste a 5000-byte payload into the Command field via Tools > Run to trigger a buffer overflow that crashes the application.
by Gionathan Reale
CVSS 6.2
i-doit open <1.11.2 - RCE
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file because a ZIP archive is accepted by /admin/?req=modules&action=add as a plugin, and extracted to the main directory. In order for the ".zip" file to be accepted, it must also contain a package.json file.
by AkkuS
CVSS 7.2
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
by Mohammed Abdul Raheem
Adiscon LogAnalyzer <4.1.7 - XSS
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
by Gustavo Sorondo
CVSS 6.1
NEC Univerge Sv9100 Webpro Firmware - Information Disclosure
NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs.
by hyp3rlinx
CVSS 9.8
HP Intelligent Management Center < 7.3 - Insecure Deserialization
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
by Metasploit
CVSS 9.8
Microsoft Lync - Auth Bypass
A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync.
by nyxgeek
CVSS 7.5
Emacs - movemail Privilege Escalation (Metasploit)
by Metasploit
Emacs - movemail Privilege Escalation (Metasploit)
by Metasploit
By Source