Exploitdb Exploits
49,996 exploits tracked across all sources.
Microsoft Internet Explorer - Out-of-Bounds Write
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0861.
by Google Security Research
CVSS 7.5
μTorrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information Disclosure
by Google Security Research
MagniComp SysInfo mcsiwrapper Privilege Escalation
A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This access could be exploited by a local attacker to gain a root shell prompt using the right combination of environment variables and command line arguments.
by Metasploit
CVSS 6.7
October < 1.0.431 - XSS
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.
by Samrat Das
CVSS 6.1
Symfony Twig < 2.4.4 - Code Injection
Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it
by JameelNabbo
CVSS 9.8
Microsoft Edge - 'UnmapViewOfFile' ACG Bypass
by Google Security Research
TV - Video Subscription - Authentication Bypass SQL Injection
by L0RD
PHIMS - Hospital Management Information System - 'Password' SQL Injection
by L0RD
Pinterest Clone Social Pinboard 2.0 - SQL Injection
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.
by Ihsan Sencan
CVSS 9.8
Quanticalabs Timetable Responsive Schedule - SQL Injection
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.
by Ihsan Sencan
CVSS 9.8
Joomla! <1.0 RC 1 - SQL Injection
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.
by Ihsan Sencan
CVSS 9.8
Squadmanagement - SQL Injection
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.
by Ihsan Sencan
CVSS 9.8
Solidres 2.5.1 - SQL Injection
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.
by Ihsan Sencan
CVSS 9.8
Joomla! Smart Shoutbox 3.0.0 - SQL Injection
SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.
by Ihsan Sencan
CVSS 9.8
SimpleCalendar 3.1.9 - SQL Injection
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.
by Ihsan Sencan
CVSS 9.8
Saxum2003 Saxum Picker - SQL Injection
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.
by Ihsan Sencan
CVSS 9.8
Saxum2003 Numerology - SQL Injection
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.
by Ihsan Sencan
CVSS 9.8
Saxum2003 Astro - SQL Injection
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.
by Ihsan Sencan
CVSS 9.8
Realpin <1.5.04 - SQL Injection
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.
by Ihsan Sencan
CVSS 9.8
Joomla! Project Log 1.5.3 - SQL Injection
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.
by Ihsan Sencan
CVSS 9.8
Neojoomla Neorecruit - SQL Injection
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.
by Ihsan Sencan
CVSS 9.8
MediaLibrary Free 4.0.12 - SQL Injection
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.
by Ihsan Sencan
CVSS 9.8
By Source