Exploitdb Exploits
49,989 exploits tracked across all sources.
XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
by Gionathan Reale
JCK Editor <6.4.4 - SQL Injection
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
by Hamza Megahed
CVSS 9.8
Broadcom Release Automation < 6.3.0.9945 - Insecure Deserialization
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
by Jakub Palaczynski
CVSS 9.8
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
by cakes
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)
by Ivan Ivanovic
Faleemi Plus 1.0.2 Denial of Service via Buffer Overflow
Faleemi Plus 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can paste a 2000-byte payload into the Camera name and DID number fields during camera addition to trigger an application crash.
by Gionathan Reale
CVSS 6.2
InfraRecorder 0.53 Denial of Service via txt File Import
InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an application crash.
by Gionathan Reale
CVSS 6.2
WatchGuard AP100-AP200/AP300 <1.2.9.15/<2.0.0.10 - RCE
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.
by Stephen Shkardoon
CVSS 8.8
WatchGuard AP100-AP200 <1.2.9.15 - Auth Bypass
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user).
by Stephen Shkardoon
CVSS 7.8
CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC)
by Alan Joaquín Baeza Meza
Free MP3 CD Ripper 2.6 - Buffer Overflow
Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wma file.
by Gionathan Reale
CVSS 7.8
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
by Ceylan BOZOĞULLARINDAN
WatchGuard AP100-AP200 <1.2.9.15 - Info Disclosure
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false.
by Stephen Shkardoon
CVSS 9.8
Apache Syncope < 1.2.11 - Improper Input Validation
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
by Che-Chun Kuo
CVSS 7.2
InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow (SEH)
by Luis Martínez
Free MP3 CD Ripper 2.6 - Buffer Overflow
Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .mp3 file.
by Gionathan Reale
CVSS 7.8
Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)
by ZwX
Apache Syncope < 1.2.11 - Information Disclosure
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
by Che-Chun Kuo
CVSS 4.9
Apache Pluto < 3.0.1 - Information Disclosure
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
by Che-Chun Kuo
CVSS 7.5
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1)
by Parvez Anwar
Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow
by ZwX
Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow
by ZwX
Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow (SEH)
by Gionathan Reale
Faleemi Desktop Software 1.8.2 - 'SavePath for ScreenShots' Buffer Overflow (SEH)
by Gionathan Reale
By Source