Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-100977 EXPLOITDB text
Aastra 6755i SIP SP4 - Denial of Service
by Wadeek
CVE-2018-13818 EXPLOITDB CRITICAL text
symfony/twig < 2.4.4 - Server-Side Template Injection via search_key Parameter
Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it
by JameelNabbo
CVSS 9.8
EIP-2026-115642 EXPLOITDB text VERIFIED
Microsoft Edge - 'UnmapViewOfFile' ACG Bypass
by Google Security Research
EIP-2026-112933 EXPLOITDB python
UserSpice 4.3 - Blind SQL Injection
by Dolev Farhi
EIP-2026-112817 EXPLOITDB text VERIFIED
TV - Video Subscription - Authentication Bypass SQL Injection
by L0RD
EIP-2026-111564 EXPLOITDB text VERIFIED
PSNews Website 1.0.0 - 'Keywords' SQL Injection
by L0RD
EIP-2026-110585 EXPLOITDB text VERIFIED
PHIMS - Hospital Management Information System - 'Password' SQL Injection
by L0RD
CVE-2018-5987 EXPLOITDB CRITICAL text VERIFIED
Pinterest Clone Social Pinboard 2.0 - SQL Injection
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6583 EXPLOITDB CRITICAL text VERIFIED
Timetable Responsive Schedule 1.5 - SQL Injection via view=event&alias= Request
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5992 EXPLOITDB CRITICAL text VERIFIED
Staff Master < 1.0 - SQL Injection via Name Parameter
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7179 EXPLOITDB CRITICAL text
SquadManagement 1.0.3 - SQL Injection via id Parameter
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5980 EXPLOITDB CRITICAL text
Solidres 2.5.1 - SQL Injection via Hub Search Direction Parameter
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5975 EXPLOITDB CRITICAL text VERIFIED
Joomla! Smart Shoutbox 3.0.0 - SQL Injection
SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5974 EXPLOITDB CRITICAL text
SimpleCalendar 3.1.9 - SQL Injection
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7178 EXPLOITDB CRITICAL text
Saxum Picker 3.2.10 - SQL Injection via Publicid Parameter
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7177 EXPLOITDB CRITICAL text
Saxum Numerology 3.0.4 - SQL Injection via publicid Parameter
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7180 EXPLOITDB CRITICAL text
Saxum Astro 4.0.14 - SQL Injection via publicid Parameter
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6005 EXPLOITDB CRITICAL text
realpin < 1.5.04 - SQL Injection via Pinboard Parameter
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6024 EXPLOITDB CRITICAL text VERIFIED
Joomla! Project Log 1.5.3 - SQL Injection
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6370 EXPLOITDB CRITICAL text VERIFIED
NeoRecruit 4.1 - SQL Injection via PATH_INFO or .html File Name
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5971 EXPLOITDB CRITICAL text
MediaLibrary Free 4.0.12 - SQL Injection
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-16356 EXPLOITDB MEDIUM text
Simple Image Gallery Extended < 3.3.0 - Reflected Cross-Site Scripting via img, name, or caption Parameter
Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter.
by Alwin Peppels
CVSS 6.1
CVE-2018-6585 EXPLOITDB CRITICAL text VERIFIED
JTicketing 2.0.16 - SQL Injection via filter_creator or filter_events_cat Parameter
SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5994 EXPLOITDB CRITICAL text
JS Jobs 1.1.9 - SQL Injection via Zipcode or ta Parameter
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6006 EXPLOITDB CRITICAL text
JS Autoz 1.0.9 - SQL Injection via vtype, pre, or prs Parameter
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.
by Ihsan Sencan
CVSS 9.8