Exploitdb Exploits
50,095 exploits tracked across all sources.
Wechat Broadcast < 1.2.0 - Path Traversal via Image.php URL Parameter
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
by Manuel García Cárdenas
CVSS 9.8
Localize My Post 1.0 - Path Traversal via AJAX Include File Parameter
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
by Manuel García Cárdenas
CVSS 7.5
rcfilters 2.1.6 - Cross-Site Scripting via _whatfilter and _messages Parameters
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).
by Fahimeh Rezaei
CVSS 5.4
LG SuperSign CMS - Unauthenticated Arbitrary File Read via signEzUI Playlist Upload Path Traversal
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
by Alejandro Fanjul
CVSS 8.6
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution via URI Handler
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process.
by Che-Chun Kuo
CVSS 8.8
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.
by Larry W. Cashdollar
CVSS 4.8
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.
by Larry W. Cashdollar
CVSS 4.8
Arigato Autoresponder and Newsletter 2.5.0-2.5.1.5 - Authenticated Stored Cross-Site Scripting via POST Variable Classes
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes
by Larry W. Cashdollar
CVSS 4.8
Arigato Autoresponder and Newsletter 2.5.0-2.5.1.4 - Stored XSS via filter_signup_date
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
by Larry W. Cashdollar
CVSS 4.8
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - SQL Injection
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
by Larry W. Cashdollar
CVSS 7.2
Microsoft Browsers - Memory Corruption
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
by Google Security Research
CVSS 7.5
ChakraCore < 1.10.2 - Remote Code Execution via Type Confusion
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.
by Google Security Research
CVSS 7.5
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
by Metasploit
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable.
by Larry W. Cashdollar
CVSS 4.8
NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
by Jacob Baines
Notebook Pro 2.0 Denial of Service via Notebook Name Field
Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can create a malicious text file containing 500 or more characters, paste the content into the New Notebook Name field, and trigger an application crash when attempting to create and save the notebook.
by Ali Alipour
CVSS 6.2
Netis ADSL Router DL4322D RTK 2.1.1 - DoS
Netis ADSL Router DL4322D firmware RTK 2.1.1 contains a buffer overflow vulnerability in the embedded FTP service that allows an authenticated remote user to trigger a denial of service. After logging in to the FTP service, sending an FTP command such as ABOR with an excessively long argument causes the service, and in practice the router, to crash or become unresponsive, resulting in a loss of availability for the device and connected users.
by cakes
Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)
by Jose Eduardo Castro
Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)
by Jose Eduardo Castro
XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
by Gionathan Reale
XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
by Gionathan Reale
By Source