Exploitdb Exploits
50,095 exploits tracked across all sources.
jquickcontact 1.3.2.2.1 - SQL Injection via task=refresh&sid= Request
SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.
by Ihsan Sencan
CVSS 9.8
JomEstate PRO < 3.7 - SQL Injection via id Parameter in task=detailed Action
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.
by Ihsan Sencan
CVSS 9.8
JGive 2.0.9 - SQL Injection via filter_org_ind_type or campaign_countries Parameter
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.
by Ihsan Sencan
CVSS 9.8
JB Bus 2.3 - SQL Injection via order_number Parameter
SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.
by Ihsan Sencan
CVSS 9.8
InviteX 3.0.5 - SQL Injection via invite_type Parameter
SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.
by Ihsan Sencan
CVSS 9.8
Google Map Landkarten <= 4.2.3 - SQL Injection via cid/id/map Parameters
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.
by Ihsan Sencan
CVSS 9.8
Gallery WD 1.3.6 - SQL Injection via tag_id or gallery_id Parameter
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.
by Ihsan Sencan
CVSS 9.8
Joomla! Form Maker 3.6.12 - SQL Injection
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.
by Ihsan Sencan
CVSS 9.8
Joomla! File Download Tracker 3.0 - SQL Injection
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.
by Ihsan Sencan
CVSS 9.8
fastball 2.5 - SQL Injection via Season Parameter
SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.
by Ihsan Sencan
CVSS 9.8
DT Register 3.2.7 - SQL Injection via Task Parameter
SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.
by Ihsan Sencan
CVSS 9.8
ccNewsletter 2.x - Joomla! - SQL Injection
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.
by Ihsan Sencan
CVSS 9.8
AllVideos Reloaded <1.2.x - SQL Injection
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.
by Ihsan Sencan
CVSS 9.8
aist < 2.0 - SQL Injection via id Parameter in showvacancy Request
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.
by Ihsan Sencan
CVSS 9.8
Advertisement Board 3.1.0 - Joomla! - SQL Injection
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.
by Ihsan Sencan
CVSS 9.8
FrontAccounting 2.4.3 - Cross-Site Request Forgery via User Permissions Page
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
by Samrat Das
CVSS 8.8
Oracle Primavera P6 <16.1 - Info Disclosure
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
by Marios Nicolaides
CVSS 5.4
jboss-remoting - Denial of Service via RemoteMessageChannel Infinite Loop
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
by Frank Spierings
CVSS 7.5
ABRT raceabrt Privilege Escalation
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.
by Metasploit
CVSS 7.8
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device.
by M. Can Kurnaz
Epic MyChart - XPath Injection via Help Topic Parameter
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate.
by Shayan S
CVSS 7.5
Microsoft Edge and ChakraCore - Remote Code Execution via Scripting Engine Memory Corruption
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866.
by Google Security Research
CVSS 7.5
Internet Explorer and Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
by Google Security Research
CVSS 7.5
ChakraCore - Remote Code Execution via Memory Corruption in Scripting Engine
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
by Google Security Research
CVSS 7.5
ChakraCore - Remote Code Execution via Memory Corruption
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
by Google Security Research
CVSS 7.5
By Source