Exploitdb Exploits
50,095 exploits tracked across all sources.
The Open ISES Project 3.30A SQL Injection via city_graph.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to city_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data.
by Ihsan Sencan
CVSS 8.2
The Open ISES Project 3.30A SQL Injection via inc_types_graph.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inc_types_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data.
by Ihsan Sencan
CVSS 8.2
The Open ISES Project 3.30A SQL Injection via sever_graph.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to sever_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data.
by Ihsan Sencan
CVSS 8.2
The Open ISES Project 3.30A SQL Injection via form_post.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/form_post.php endpoint with crafted SQL payloads to extract sensitive database information including schema names and other data.
by Ihsan Sencan
CVSS 8.2
The Open ISES Project 3.30A SQL Injection via nearby.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and tick_lng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
The Open ISES Project 3.30A SQL Injection via main.php
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
Microsoft Windows 10 - Local Privilege Escalation (UAC Bypass)
by Fabien DROMAS
Windows SetImeInfoEx Win32k NULL Pointer Dereference
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
by Metasploit
CVSS 7.0
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
by Ihsan Sencan
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
by Google Security Research
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
by Google Security Research
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
by Google Security Research
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
by Google Security Research
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
by Google Security Research
Keybase < 2.8.0-20181023124437 - Untrusted Search Path Privilege Escalation via keybase-redirector
An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.
by mirchr
CVSS 7.8
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas
by Google Security Research
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas
by Google Security Research
Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value
by Google Security Research
libssh Authentication Bypass Scanner
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
by jas502n
CVSS 9.1
By Source