Exploitdb Exploits

49,996 exploits tracked across all sources.

CVE-2018-15120 EXPLOITDB MEDIUM bash
Pango <1.42.3 - DoS
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
by Jeffery M
CVSS 6.5
CVE-2018-12827 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <30.0.0.134 - Info Disclosure
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
by Google Security Research
CVSS 7.5
EIP-2026-102188 EXPLOITDB python
Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)
by Luis Martínez
EIP-2026-101974 EXPLOITDB text
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
by Yorick Koster
CVE-2018-15884 EXPLOITDB HIGH text
Ricoh MP C4504ex Firmware - CSRF
RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
by Ismail Tasdelen
CVSS 8.8
CVE-2018-16159 EXPLOITDB CRITICAL text VERIFIED
Codemenschen Gift Vouchers < 2.0.1 - SQL Injection
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
by Renos Nikolaou
CVSS 9.8
CVE-2018-15740 EXPLOITDB MEDIUM text
Zohocorp Manageengine Admanager Plus - XSS
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
by Ismail Tasdelen
CVSS 6.1
CVE-2018-11776 EXPLOITDB HIGH python
Apache Struts 2 Namespace Redirect OGNL Injection
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (set either by the user or by a plugin such as the Convention Plugin) and one of the following holds: results are used with no namespace while their upper package has no namespace or a wildcard namespace; or, similarly, a url tag is used without value and action set while its upper package has no namespace or a wildcard namespace.
by Mazin Ahmed
CVSS 8.1
CVE-2018-17139 EXPLOITDB HIGH text
UltimatePOS 2.5 - RCE
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.
by Renos Nikolaou
CVSS 8.8
CVE-2018-15608 EXPLOITDB MEDIUM text
Manageengine Admanager Plus - XSS
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
by Ismail Tasdelen
CVSS 6.1
CVE-2018-11776 EXPLOITDB HIGH python
Apache Struts 2 Namespace Redirect OGNL Injection
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (set either by the user or by a plugin such as the Convention Plugin) and one of the following holds: results are used with no namespace while their upper package has no namespace or a wildcard namespace; or, similarly, a url tag is used without value and action set while its upper package has no namespace or a wildcard namespace.
by hook-s3c
CVSS 8.1
EIP-2026-119614 EXPLOITDB python
SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)
by Luis Martínez
EIP-2026-102107 EXPLOITDB text VERIFIED
Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
by cakes
CVE-2018-25288 EXPLOITDB MEDIUM python VERIFIED
StyleWriter 1.0 Denial of Service via Pattern Input
StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service condition.
by Gionathan Reale
CVSS 6.2
EIP-2026-119582 EXPLOITDB python VERIFIED
CuteFTP 8.3.1 - Denial of Service (PoC)
by Ali Alipour
EIP-2026-119413 EXPLOITDB text
PCViewer vt1000 - Directory Traversal
by Berk Dusunur
EIP-2026-112821 EXPLOITDB text
Twitter-Clone 1 - 'code' SQL Injection
by L0RD
EIP-2026-102578 EXPLOITDB text VERIFIED
Epiphany Web Browser 3.28.1 - Denial of Service (PoC)
by Dhiraj Mishra
CVE-2018-25290 EXPLOITDB MEDIUM python VERIFIED
Easyboot 6.6.0 Buffer Overflow Denial of Service
Easyboot 6.6.0 contains a buffer overflow vulnerability in the Replace Text function that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by accessing File > Tools > Replace Text and pasting a 7000-byte payload into the text fields to cause a denial of service.
by Gionathan Reale
CVSS 6.2
CVE-2018-25289 EXPLOITDB MEDIUM python VERIFIED
Softdisk 3.0.3 Buffer Overflow Denial of Service
Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by entering a 6000-byte payload in the Registration Name field through the Help menu's Enter Registration Code dialog to cause a denial of service.
by Gionathan Reale
CVSS 6.2
EIP-2026-119619 EXPLOITDB python VERIFIED
UltraISO 9.7.1.3519 - Denial Of Service (PoC)
by Ali Alipour
EIP-2026-119552 EXPLOITDB python
Project64 2.3.2 - Buffer Overflow (SEH)
by Shubham Singh
EIP-2026-119498 EXPLOITDB python VERIFIED
Textpad 7.6.4 - Denial Of Service (PoC)
by Gionathan Reale
CVE-2018-0952 EXPLOITDB HIGH text VERIFIED
Microsoft Windows and Visual Studio <2016 - Elevation of Privilege
An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.
by Atredis Partners
CVSS 7.8
EIP-2026-109013 EXPLOITDB php VERIFIED
KingMedia 4.1 - File Upload
by Efrén Díaz