Exploitdb Exploits
50,095 exploits tracked across all sources.
NoMachine < 6.0.66_2 - Local Privilege Escalation via Uninitialized Stack Variable in nxfuse
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
by Fidus InfoSecurity
CVSS 7.8
Parallels Remote Application Server 15.5 - Path Traversal
by Nicolas Markitanis
Armadito 0.12.7.2 - Info Disclosure
An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens because characters that cannot be converted from Unicode are replaced with '?' characters.
by Souhail Hammou
CVSS 3.3
Proclaim 9.1.1 - Unauthenticated Sensitive Information Exposure via Backup File Download
Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/.
by Ihsan Sencan
CVSS 7.5
Proclaim 9.1.1 - Arbitrary File Upload via Mediafileform Action
Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.
by Ihsan Sencan
CVSS 9.8
PrayerCenter 3.0.2 - SQL Injection via Session ID Parameter
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.
by Ihsan Sencan
CVSS 9.8
OS Property Real Estate 3.12.7 - SQL Injection via Cooling System, Heating System, or Laundry Parameter
SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.
by Ihsan Sencan
CVSS 9.8
Ek Rishta 2.9 - SQL Injection via Gender, Age, Religion, Mother Tongue, Caste, or Country Parameter
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.
by Ihsan Sencan
CVSS 9.8
CW Tags 2.0.6 - SQL Injection via Searchtext Array Parameter
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.
by Ihsan Sencan
CVSS 9.8
belitsoft checklist SQL Injection via title_search, tag_search, name_search, description_search, or filter_order
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
alexandria_book_library 3.1.2 - SQL Injection via Letter Parameter
SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.
by Ihsan Sencan
CVSS 9.8
Trend Micro Email Encryption Gateway 5.5 - SQL Injection via Search Configuration Script
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
by Core Security
CVSS 6.8
EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter
EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context.
by Juan Sacco
CVSS 9.8
Flexense Disksavvy - Memory Corruption
A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124.
by Daniel Teixeira
CVSS 9.8
DiskBoss < 8.9 - Buffer Overflow via Import Command XML Name Attribute
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
by Daniel Teixeira
CVSS 7.8
WavPack 5.1.0 - Denial of Service via Malicious CAF File
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
by r4xis
CVSS 7.8
Windows Storage Services - Privilege Escalation
Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
Windows 10 <1709 - Privilege Escalation
The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "Named Pipe File System Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
Windows 10 and Windows Server 2016 - Elevation of Privilege via NTFS Reparse Point Handling
NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
Windows 10 and Windows Server 2016 - Elevation of Privilege via AppContainer Impersonation
AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
Windows Kernel - Information Disclosure via Memory Object Handling
The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0830.
by Google Security Research
CVSS 4.7
Internet Explorer - Remote Code Execution via Scripting Engine Memory Corruption
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0861.
by Google Security Research
CVSS 7.5
μTorrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information Disclosure
by Google Security Research
MagniComp SysInfo mcsiwrapper Privilege Escalation
A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This access could be exploited by a local attacker to gain a root shell prompt using the right combination of environment variables and command line arguments.
by Metasploit
CVSS 6.7
October CMS < 1.0.431 - Stored Cross-Site Scripting via Add Posts Page
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.
by Samrat Das
CVSS 6.1
By Source