Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-13847 EXPLOITDB HIGH c VERIFIED
iPhone OS < 11.2 and macOS < 10.13.2 - Memory Corruption in IOKit
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-13867 EXPLOITDB HIGH c VERIFIED
Apple <11.2, <10.13.2, <4.2, <11.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-13875 EXPLOITDB HIGH c VERIFIED
macOS < 10.13.2 - Out-of-bounds Read in Intel Graphics Driver
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-17630 EXPLOITDB CRITICAL text VERIFIED
Yoga Class Script 1.0 - SQL Injection via City Parameter
Yoga Class Script 1.0 has SQL Injection via the /list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17873 EXPLOITDB CRITICAL text VERIFIED
Vanguard Marketplace Digital Products PHP 1.4 - SQL Injection via PATH_INFO to /p URI
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17874 EXPLOITDB HIGH text
Vanguard Marketplace Digital Products PHP 1.4 - Unauthenticated Arbitrary File Upload via Product Addition
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
by Ihsan Sencan
CVSS 8.8
CVE-2017-17634 EXPLOITDB CRITICAL text VERIFIED
Single Theater Booking Script 3.2.1 - SQL Injection via findcity.php q Parameter
Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17629 EXPLOITDB CRITICAL text VERIFIED
Secure E-commerce Script 2.0.1 - SQL Injection via Category Search or Product Detail Parameters
Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17641 EXPLOITDB CRITICAL text VERIFIED
resume_clone_script 2.0.5 - SQL Injection via preview.php id Parameter
Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17628 EXPLOITDB CRITICAL text VERIFIED
Responsive Realestate Script 3.2 - SQL Injection via Property-List tbud Parameter
Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17632 EXPLOITDB CRITICAL text VERIFIED
Responsive Events And Movie Ticket Booking Script 3.2.1 - SQL Injection via findcity.php q Parameter
Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17627 EXPLOITDB CRITICAL text VERIFIED
Readymade Video Sharing Script 3.2 - SQL Injection via Report Videos Array Parameter
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17626 EXPLOITDB CRITICAL text VERIFIED
Readymade PHP Classified Script 3.3 - SQL Injection via Categories Subctid or Mctid Parameter
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17625 EXPLOITDB CRITICAL text VERIFIED
Professional Service Script 1.0 - SQL Injection via City Parameter
Professional Service Script 1.0 has SQL Injection via the service-list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17624 EXPLOITDB CRITICAL text VERIFIED
PHP Multivendor Ecommerce 1.0 - SQL Injection via single_detail.php or category.php
PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17623 EXPLOITDB CRITICAL html VERIFIED
Opensource Classified Ads Script 3.2 - SQL Injection via Advance Result Keyword Parameter
Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17622 EXPLOITDB CRITICAL text VERIFIED
Online Exam Test Application Script 1.6 - SQL Injection via exams.php sort parameter
Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17639 EXPLOITDB CRITICAL text VERIFIED
Muslim Matrimonial Script 3.02 - SQL Injection via success-story.php succid Parameter
Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17621 EXPLOITDB CRITICAL text VERIFIED
Multivendor Penny Auction Clone Script 1.0 - SQL Injection via PATH_INFO to Detail URI
Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17631 EXPLOITDB CRITICAL text VERIFIED
Multireligion Responsive Matrimonial 4.7.2 - SQL Injection via success-story.php succid Parameter
Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17633 EXPLOITDB CRITICAL text VERIFIED
Multiplex Movie Theater Booking Script 3.1.5 - SQL Injection via moid or eid Parameter
Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17635 EXPLOITDB CRITICAL text
MLM Forex Market Plan Script 2.0.4 - SQL Injection via news_detail.php newid or event_detail.php eventid Parameter
MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17636 EXPLOITDB CRITICAL text VERIFIED
MLM Forced Matrix 2.0.9 - SQL Injection via News Detail newid Parameter
MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17620 EXPLOITDB CRITICAL text VERIFIED
Lawyer Search Script 1.1 - SQL Injection via City Parameter
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17619 EXPLOITDB CRITICAL text VERIFIED
Laundry Booking Script 1.0 - SQL Injection via City Parameter
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
by Ihsan Sencan
CVSS 9.8