Exploitdb Exploits

49,996 exploits tracked across all sources.

CVE-2017-17870 EXPLOITDB CRITICAL text VERIFIED
Jbuildozer - SQL Injection
The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.
by Ihsan Sencan
CVSS 9.8
CVE-2017-16949 EXPLOITDB CRITICAL text
AccessKeys AccessPress Anonymous Post Pro <3.1.9 - Code Injection
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution.
by Colette Chamberland
CVSS 9.8
EIP-2026-104118 EXPLOITDB text
Vivotek IP Cameras - Remote Stack Overflow (PoC)
by bashis
CVE-2017-13876 EXPLOITDB HIGH text VERIFIED
Apple <11.2, <10.13.2, <4.2, <11.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-13847 EXPLOITDB HIGH c VERIFIED
Apple <11.2, <10.13.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-13867 EXPLOITDB HIGH c VERIFIED
Apple <11.2, <10.13.2, <4.2, <11.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-13875 EXPLOITDB HIGH c VERIFIED
Apple <10.13.2 - RCE/DoS
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-17630 EXPLOITDB CRITICAL text VERIFIED
Yoga Class Script - SQL Injection
Yoga Class Script 1.0 has SQL Injection via the /list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17873 EXPLOITDB CRITICAL text VERIFIED
Vanguard Marketplace Digital Products Php - SQL Injection
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17874 EXPLOITDB HIGH text
Vanguard Marketplace Digital Products Php - Unrestricted File Upload
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under an uploads/ URI.
by Ihsan Sencan
CVSS 8.8
CVE-2017-17634 EXPLOITDB CRITICAL text VERIFIED
Single Theater Booking Script - SQL Injection
Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17629 EXPLOITDB CRITICAL text VERIFIED
Secure E-commerce Script - SQL Injection
Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17641 EXPLOITDB CRITICAL text VERIFIED
Resume Clone Script - SQL Injection
Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17628 EXPLOITDB CRITICAL text VERIFIED
Responsive Realestate Script - SQL Injection
Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17632 EXPLOITDB CRITICAL text VERIFIED
Responsive Events And Movie Ticket Booking Script - SQL Injection
Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17627 EXPLOITDB CRITICAL text VERIFIED
Readymade Video Sharing Script - SQL Injection
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17626 EXPLOITDB CRITICAL text VERIFIED
Readymade Php Classified Script - SQL Injection
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17625 EXPLOITDB CRITICAL text VERIFIED
ON Demand Marketplace Script - SQL Injection
Professional Service Script 1.0 has SQL Injection via the service-list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17624 EXPLOITDB CRITICAL text VERIFIED
Php Multivendor Ecommerce - SQL Injection
PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17623 EXPLOITDB CRITICAL html VERIFIED
Opensource Classified Ads Script - SQL Injection
Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17622 EXPLOITDB CRITICAL text VERIFIED
Online Exam Test Application Script - SQL Injection
Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17639 EXPLOITDB CRITICAL text VERIFIED
Muslim Matrimonial Script - SQL Injection
Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17621 EXPLOITDB CRITICAL text VERIFIED
Multivendor Penny Auction Clone Script - SQL Injection
Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17631 EXPLOITDB CRITICAL text VERIFIED
Multireligion Responsive Matrimonial - SQL Injection
Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17633 EXPLOITDB CRITICAL text VERIFIED
Multiplex Movie Theater Booking Script - SQL Injection
Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.
by Ihsan Sencan
CVSS 9.8