Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-17586 EXPLOITDB CRITICAL text VERIFIED
FS Olx Clone 1.0 - SQL Injection via subpage.php scat or message.php pid Parameter
FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17585 EXPLOITDB CRITICAL text VERIFIED
FS Monster Clone 1.0 - SQL Injection via Employer_Details.php id Parameter
FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17584 EXPLOITDB CRITICAL text VERIFIED
FS Makemytrip Clone 1.0 - SQL Injection via fl_orig or fl_dest Parameter
FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17616 EXPLOITDB CRITICAL text
Event Search Script 1.0 - SQL Injection via City Parameter
Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17596 EXPLOITDB CRITICAL text
Entrepreneur Job Portal Script 2.0.6 - SQL Injection via jobsearch_all.php rid1 Parameter
Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17648 EXPLOITDB CRITICAL text
Entrepreneur Dating Script 2.0.1 - SQL Injection via search_result.php Parameters
Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17610 EXPLOITDB CRITICAL text
E-commerce MLM Software 1.0 - SQL Injection via Service Detail PID Parameter
E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17594 EXPLOITDB CRITICAL text VERIFIED
DomainSale PHP Script 1.0 - SQL Injection via domain.php id Parameter
DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17611 EXPLOITDB CRITICAL text
Doctor Search Script 1.0 - SQL Injection via City Parameter
Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17605 EXPLOITDB CRITICAL text
Consumer Complaints Clone Script 1.0 - SQL Injection via other-user-profile.php id Parameter
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17606 EXPLOITDB CRITICAL text
Co-work Space Search Script 1.0 - SQL Injection via City Parameter
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17607 EXPLOITDB CRITICAL text
CMS Auditor Website 1.0 - SQL Injection via PATH_INFO to /news-detail
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17608 EXPLOITDB CRITICAL text
Child Care Script 1.0 - SQL Injection via City Parameter
Child Care Script 1.0 has SQL Injection via the /list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17609 EXPLOITDB CRITICAL text
Chartered Accountant Booking Script 1.0 - SQL Injection via Service-List City Parameter
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-17601 EXPLOITDB CRITICAL text
Cab Booking Script 1.0 - SQL Injection via Service-List City Parameter
Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-16929 EXPLOITDB HIGH python
Claymore Dual GPU miner 10.1 - Path Traversal
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile.
by tintinweb
CVSS 8.1
CVE-2017-16930 EXPLOITDB CRITICAL python
Claymore Dual GPU Miner 10.1 - Remote Code Execution via Stack-Based Buffer Overflow
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging.
by tintinweb
CVSS 9.8
EIP-2026-115792 EXPLOITDB VERIFIED
Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path
by Google Security Research
EIP-2026-114801 EXPLOITDB ruby VERIFIED
Polycom Shell HDX Series - Traceroute Command Execution (Metasploit)
by Metasploit
EIP-2026-110292 EXPLOITDB text
OpenEMR 5.0.0 - OS Command Injection / Cross-Site Scripting
by SEC Consult
EIP-2026-110291 EXPLOITDB text
OpenEMR 5.0.0 - OS Command Injection / Cross-Site Scripting
by SEC Consult
EIP-2026-107281 EXPLOITDB text VERIFIED
FS IMDB Clone - 'id' SQL Injection
by Dan°
EIP-2026-107277 EXPLOITDB text VERIFIED
FS Facebook Clone - 'token' SQL Injection
by Dan°
CVE-2017-17085 EXPLOITDB HIGH text VERIFIED
Wireshark 2.4.0-2.4.2 and 2.2.0-2.2.10 - Denial of Service in CIP Safety Dissector
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
by Wireshark
CVSS 7.5
CVE-2017-13868 EXPLOITDB MEDIUM c
Apple <11.2, <10.13.2, <4.2, <11.2 - Info Disclosure
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
by Brandon Azad
CVSS 5.5