Exploitdb Exploits
49,989 exploits tracked across all sources.
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
by hyp3rlinx
Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)
by Tenable NS
PlayJoom 0.10.1 - SQL Injection
PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=com_playjoom&view=genre&catid=[SQL] to extract sensitive database information including usernames, databases, and version details.
by Ihsan Sencan
CVSS 8.2
Openslp - Memory Corruption
Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.
by Magnus Klaaborg Stubman
CVSS 9.8
OpenBiz Cubi Lite 3.0.8 SQL Injection via username Parameter
OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit POST requests to /bin/controller.php with malicious SQL code in the username field to extract sensitive database information or bypass authentication.
by AkkuS
CVSS 8.2
OOP CMS BLOG 1.0 - CSRF
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.
by Ihsan Sencan
CVSS 5.3
OOP CMS BLOG 1.0 - SQL Injection
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.
by Ihsan Sencan
CVSS 8.2
eToolz 3.4.8.0 - Buffer Overflow
eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application.
by Ihsan Sencan
CVSS 6.2
Arm Whois 3.11 - Buffer Overflow (SEH)
by Semen Alexandrovich Lyhin
Arm Whois 3.11 - Buffer Overflow (SEH)
by Semen Alexandrovich Lyhin
VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC)
by Diego Santamaria
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
by Metasploit
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
by Metasploit
LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
by Carlos Avila
Grocery crud 1.6.1 - 'search_field' SQL Injection
by Loading Kura Kura
CMSMS <2.2.7 - RCE
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
by Lucian Ioan Nitescu
CVSS 7.2
Blueimp jQuery-File-Upload <=9.22.0 - File Upload
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
by Metasploit
CVSS 9.8
Apple Iphone OS < 12.1 - Memory Corruption
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
by Google Security Research
CVSS 7.5
Apple Iphone OS < 12.1 - Memory Corruption
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
by Google Security Research
CVSS 9.8
Mz-automation Libiec61850 - Out-of-Bounds Write
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.
by Dhiraj Mishra
CVSS 9.8
Apple Iphone OS < 12.1 - Memory Corruption
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, watchOS 5.1.
by Google Security Research
CVSS 7.8
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)
by Metasploit
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)
by Metasploit
Softros LAN Messenger 9.2 Denial of Service via Log Files Location
Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter to trigger a crash when the OK button is clicked.
by Victor Mondragón
CVSS 5.5
By Source