Exploitdb Exploits
49,996 exploits tracked across all sources.
Joommasters Jms Music - SQL Injection
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.
by Ihsan Sencan
CVSS 9.8
Janguo Jimtawl - Unrestricted File Upload
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.
by Ihsan Sencan
CVSS 9.8
Jextn Reverse Auction - SQL Injection
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.
by Ihsan Sencan
CVSS 9.8
Jextn Membership - SQL Injection
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
by Ihsan Sencan
CVSS 9.8
Jextn Classified - SQL Injection
SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request.
by Ihsan Sencan
CVSS 9.8
Jextn JE Paypervideo - SQL Injection
SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
by Ihsan Sencan
CVSS 9.8
Fancy Clone Script - 'search_browse_product' SQL Injection
by 8bitsec
Ezcode Event Manager - SQL Injection
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.
by Ihsan Sencan
CVSS 9.8
Oracle Hospitality Simphony <2.9 - RCE
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Dmitry Chastuhin
CVSS 8.1
Flexense Syncbreeze - Memory Corruption
A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121.
by Daniel Teixeira
CVSS 9.8
GeoVision embedded IP devices - Command Injection
GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.
by bashis
BMC BladeLogic Server Automation <8.7 - Auth Bypass
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.
by Metasploit
CVSS 7.5
BMC BladeLogic Server Automation <8.8 - Auth Bypass
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
by Metasploit
CVSS 7.5
WebKit - 'WebCore::FrameView::clientToLayoutViewportPoint' Use-After-Free
by Google Security Research
Apple TV < 11.2.5 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
Geovision Inc. IP Camera & Video - Remote Command Execution
by bashis
BMC Server Automation < 8.6 - Improper Authorization
The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.
by Paul Taylor
CVSS 5.3
WebAccess <8.3 - SQL Injection
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
by Chris Lyne
CVSS 9.8
HP Intelligent Management Center - Insecure Deserialization
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
by Chris Lyne
CVSS 9.8
Iolo System Shield - Memory Corruption
In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003.
by Parvez Anwar
CVSS 9.8
Anchorfree Hotspot Shield - Information Disclosure
Hotspot Shield runs a web server with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User-controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, which VPN they are connected to, and what their real IP address is.
by SecuriTeam
CVSS 7.5
LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow
by Miguel Mendez Z