Exploitdb Exploits
49,996 exploits tracked across all sources.
Trendmicro Email Encryption Gateway - Improper Certificate Validation
An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own.
by Core Security
CVSS 8.1
Trendmicro Email Encryption Gateway - Injection
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.
by Core Security
CVSS 9.8
Trendmicro Email Encryption Gateway - Improper Certificate Validation
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.
by Core Security
CVSS 6.5
Nomachine < 6.0.66_2 - Denial of Service
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
by Fidus InfoSecurity
CVSS 7.8
Nomachine < 6.0.66_2 - Denial of Service
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
by Fidus InfoSecurity
CVSS 7.8
Parallels Remote Application Server 15.5 - Path Traversal
by Nicolas Markitanis
Armadito 0.12.7.2 - Info Disclosure
An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens because characters that cannot be converted from Unicode are replaced with '?' characters.
by Souhail Hammou
CVSS 3.3
Christianwebministries Proclaim - Information Disclosure
Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/.
by Ihsan Sencan
CVSS 7.5
Christianwebministries Proclaim - Unrestricted File Upload
Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.
by Ihsan Sencan
CVSS 9.8
Mlwebtechnologies Prayercenter - SQL Injection
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.
by Ihsan Sencan
CVSS 9.8
OS Property Real Estate - SQL Injection
SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.
by Ihsan Sencan
CVSS 9.8
Harmistechnology EK Rishta - SQL Injection
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.
by Ihsan Sencan
CVSS 9.8
Cwjoomla CW Tags - SQL Injection
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.
by Ihsan Sencan
CVSS 9.8
Belitsoft Checklist - SQL Injection
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
Alexandriabooklibrary Alexandria Book Library - SQL Injection
SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.
by Ihsan Sencan
CVSS 9.8
Trendmicro Email Encryption Gateway - SQL Injection
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
by Core Security
CVSS 6.8
EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter
EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context.
by Juan Sacco
CVSS 9.8
Flexense Disksavvy - Memory Corruption
A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124.
by Daniel Teixeira
CVSS 9.8
SyncBreeze <10.6 - Buffer Overflow
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
by Daniel Teixeira
CVSS 7.8
Wavpack - Out-of-Bounds Read
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
by r4xis
CVSS 7.8
Windows Storage Services - Privilege Escalation
Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
Windows 10 <1709 - Privilege Escalation
The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "Named Pipe File System Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
NTFS - Privilege Escalation
NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
Microsoft Windows 10 - Improper Privilege Management
AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
Microsoft Windows 10 - Memory Leak
The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0830.
by Google Security Research
CVSS 4.7
By Source