Exploitdb Exploits

50,126 exploits tracked across all sources.

CVE-2017-15730 EXPLOITDB HIGH text
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/stat.ratings.php
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
by Nikhil Mittal
CVSS 8.8
CVE-2017-15920 EXPLOITDB HIGH c
Watchdog Anti-Malware and Online Security Pro 2.74.186.150 - NULL Pointer Dereference via ioctl 0x80002054
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
by Parvez Anwar
CVSS 7.5
CVE-2017-6008 EXPLOITDB HIGH text
Sophos HitmanPro < 3.7.20 - Local Privilege Escalation via Malformed IOCTL Call
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
by cbayet
CVSS 7.8
CVE-2017-15921 EXPLOITDB HIGH c
Watchdog Anti-Malware and Online Security Pro 2.74.186.150 - NULL Pointer Dereference via ioctl 0x80002010
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
by Parvez Anwar
CVSS 7.5
CVE-2024-12847 EXPLOITDB CRITICAL ruby VERIFIED
NETGEAR DGN1000 < 1.1.00.48 - Unauthenticated OS Command Injection via setup.cgi
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.
by Metasploit
CVSS 9.8
CVE-2017-5223 EXPLOITDB MEDIUM python
PHPMailer < 5.2.22 - Unauthenticated Sensitive Information Exposure via msgHTML Image Attachment Handling
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.
by Maciek Krupa
CVSS 5.5
CVE-2017-15879 EXPLOITDB HIGH text
KeystoneJS < 4.0.0-beta.7 - CSV Injection via CSV Export
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.
by Ishaq Mohammed
CVSS 8.8
CVE-2017-15878 EXPLOITDB MEDIUM text
KeystoneJS < 4.0.0 - Stored Cross-Site Scripting via Contact Us Feature
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature.
by Ishaq Mohammed
CVSS 6.1
EIP-2026-107291 EXPLOITDB text
FS Trademe Clone - 'id' SQL Injection
by 8bitsec
EIP-2026-107290 EXPLOITDB text
FS Thumbtack Clone - 'ser' SQL Injection
by 8bitsec
EIP-2026-107289 EXPLOITDB text
FS Shutter Stock Clone - 'keywords' SQL Injection
by 8bitsec
EIP-2026-107287 EXPLOITDB text
FS Realtor Clone - 'id' SQL Injection
by 8bitsec
EIP-2026-107285 EXPLOITDB text
FS Monster Clone - 'id' SQL Injection
by 8bitsec
EIP-2026-107274 EXPLOITDB text
FS Crowdfunding Script - 'id' SQL Injection
by 8bitsec
EIP-2026-107273 EXPLOITDB text
FS Care Clone - 'sitterService' SQL Injection
by 8bitsec
CVE-2017-15639 EXPLOITDB MEDIUM text
Mura CMS < 6.1 - XML External Entity Injection via RSS Feed Parser
tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature.
by Anthony Cole
CVSS 6.5
CVE-2012-6611 EXPLOITDB CRITICAL ruby VERIFIED
Polycom HDX System Software < 3.0.5 - Use of Hard-coded Credentials
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.
by Metasploit
CVSS 9.8
EIP-2026-117593 EXPLOITDB python
Mikogo 5.4.1.160608 - Local Credentials Disclosure
by LiquidWorm
CVE-2017-18019 EXPLOITDB HIGH
K7 Total Security < 15.1.0.305 - Arbitrary Memory Read via K7Sentry Device Input
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.
by SecuriTeam
CVSS 7.1
CVE-2017-14143 EXPLOITDB CRITICAL python VERIFIED
Kaltura Server < mercury-13.1.0 - Remote Code Execution via Hardcoded Cookie Secret
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
by Robin Verton
CVSS 9.8
EIP-2026-107286 EXPLOITDB text
FS OLX Clone - 'catg_id' SQL Injection
by 8bitsec
EIP-2026-107283 EXPLOITDB text
FS Lynda Clone - 'category' SQL Injection
by 8bitsec
EIP-2026-107282 EXPLOITDB text
FS Indiamart Clone - 'keywords' SQL Injection
by 8bitsec
EIP-2026-107280 EXPLOITDB text
FS Groupon Clone - 'category' SQL Injection
by 8bitsec
EIP-2026-107279 EXPLOITDB text
FS Freelancer Clone - 'sk' SQL Injection
by 8bitsec