Exploitdb Exploits
50,095 exploits tracked across all sources.
CI User Login and Management 1.0 - Arbitrary File Upload
by Ihsan Sencan
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
by Ihsan Sencan
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by Marco Ivaldi
CVSS 6.6
Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
by Adam Brown
Microstrategy Web 7 - Authenticated Path Traversal via subpage Parameter
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
by Rafael Pedrero
CVSS 4.3
ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure
by numan türle
MOGG web simulator Script All Version SQL Injection via play.php
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract sensitive database information including usernames and other data.
by Meisam Monsef
CVSS 8.2
Grapixel New Media v2.0 - SQL Injection via pages.aspx pageref Parameter
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
by Berk Dusunur
CVSS 9.8
Welcome to our Resort 1.0 - Cross-Site Request Forgery via User Edit Action
The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit.
by Ihsan Sencan
CVSS 8.8
Open Faculty Evaluation System 7 - SQL Injection via submit_feedback.php
Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757.
by Ihsan Sencan
CVSS 9.8
Open Faculty Evaluation System 5.6 - SQL Injection via submit_feedback.php
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.
by Ihsan Sencan
CVSS 9.8
ASRock RGBLED <1.0.35.1, A-Tuning/F-Stream <3.0.210, RestartToUEFI <1.0.6.2 - Ring-0 Code Execution via MSR
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.
by SecureAuth
CVSS 7.8
Asrock A-tuning < 3.0.210 - Incorrect Permission Assignment
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
by SecureAuth
CVSS 7.1
ASRock RGBLED <1.0.35.1, A-Tuning/F-Stream <3.0.210, RestartToUEFI <1.0.6.2 - Privilege Escalation via CR Register
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
by SecureAuth
CVSS 7.8
EIP-2026-119651
EXPLOITDB
School Equipment Monitoring System 1.0 - 'login' SQL Injection
by Ihsan Sencan
Navicat 12.0.29 - 'SSH' Denial of Service (PoC)
by Rafael Alfaro
AlienIP 2.41 - Denial of Service (PoC)
by Arturo de la Cruz Tellez
Modbus Slave 7.0.0 - Buffer Overflow
Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow.
by Ihsan Sencan
CVSS 7.5
By Source