Exploitdb Exploits
50,095 exploits tracked across all sources.
Fuji Xerox Devices - Info Disclosure
Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands.
by vr_system
CVSS 9.8
Tenda D152 ADSL Router - Stored Cross-Site Scripting via SSID
Tenda D152 ADSL routers allow XSS via a crafted SSID.
by Sandip Dey
CVSS 5.4
mooSocial Store Plugin 2.6 SQL Injection via product parameter
mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or stacked query techniques in the product URI parameter to extract sensitive database information.
by Andrea Bocchetti
CVSS 8.2
Logicspice FAQ Script <2.9.7 - Command Injection
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.
by AkkuS
CVSS 7.2
Simple POS 4.0.24 - SQL Injection via Management Panel Search Parameter
Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1.
by Renos Nikolaou
CVSS 9.8
RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution
by Reigning Shells
Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php
Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting roles_function.php with parameters like rol_assign_roles, rol_approve_users, and rol_edit_user set to 1 to escalate privileges without authentication.
by Nawaf Alkeraithe
CVSS 5.3
Visual Ping 0.8.0.0 Buffer Overflow Denial of Service
Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigger a denial of service condition.
by Uriel Corral Salinas
CVSS 6.2
Wikipedia 12.0 Denial of Service via Search
Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of repeated characters into the search bar to trigger an application crash.
by 0xB9
CVSS 7.5
Online Quiz Maker 1.0 SQL Injection via catid Parameter
Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to extract sensitive database information or bypass authentication.
by AkkuS
CVSS 7.1
FsPro Labs Event Log Explorer 4.6.1.2115 - XML External Entity Injection via .elx File
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.
by hyp3rlinx
CVSS 3.3
VSAXESS V2.6.2.70 build 20171226_053 - 'Nickname' Denial of Service (PoC)
by Diego Santamaria
Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC)
by Ghaaf
Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC)
by Ghaaf
Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC)
by Luis Martínez
Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC)
by Luis Martínez
D-Link DIR-615 Firmware - Buffer Overflow via Authorization HTTP Header
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
by Aniket Dinda
CVSS 9.8
Acunetix WVS Reporter 10.0 - Denial of Service (PoC)
by Ali Alipour
DamiCMS 6.0.0 - Cross-Site Request Forgery via Admin Password Change
An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.
by Autism_JH
CVSS 8.8
Network Manager VPNC Username Privilege Escalation
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.
by Metasploit
CVSS 7.8
By Source