Exploitdb Exploits
50,076 exploits tracked across all sources.
Linux Kernel < 4.13.2 - Denial of Service via iscsi_if_rx Length Validation
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.
by Wang Chenyu
CVSS 5.5
OpenText Document Sciences xPression <4.5SP1 Patch 13 - SQL Injection
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
by Marcin Woloszyn
CVSS 8.8
OpenText Document Sciences xPression v4.5SP1 Patch 13 - SQL Injection
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
by Marcin Woloszyn
CVSS 8.8
NPM-V (Network Power Manager) 2.4.1 - Password Reset
by Saeed reza Zamanian
Microsoft Word 2007 (x86) - Information Disclosure
by Eduardo Braun Prado
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow
by Owais Mehtab
Microsoft Office Word Malicious Hta Execution
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
by Eduardo Braun Prado
CVSS 7.8
Dup Scout Enterprise 10.0.18 - 'Import Command' Local Buffer Overflow
by Touhid M.Shaikh
Trend Micro OfficeScan <11.0 - Memory Corruption
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
by hyp3rlinx
CVSS 9.8
WPHRM Human Resource Management System for WordPress 1.0 - SQL Injection via employee_id Parameter
WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.
by Ihsan Sencan
CVSS 8.8
FileRun <2017.09.18 - SQL Injection
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).
by SPARC
CVSS 9.8
ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download via Token Parameter
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.
by Ihsan Sencan
CVSS 7.5
Intelbras WRN 150 - Authentication Bypass
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.
by Elber Tavares
CVSS 9.8
Trend Micro OfficeScan 11.0 - Use After Free
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
by hyp3rlinx
CVSS 7.5
Trend Micro OfficeScan 11.0 and XG (12.0) - Remote Code Execution via Man-in-the-Middle Attack
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
by hyp3rlinx
CVSS 8.1
Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass
by hyp3rlinx
DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow
by Touhid M.Shaikh
Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution
by Eduardo Braun Prado
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow (PoC)
by Touhid M.Shaikh
Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery
by hyp3rlinx
Trend Micro OfficeScan 11.0 - Info Disclosure
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
by hyp3rlinx
CVSS 7.5
Trend Micro OfficeScan <11.0 - Info Disclosure
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
by hyp3rlinx
CVSS 5.3
Trend Micro OfficeScan XG 12.0 - Host Header Injection
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
by hyp3rlinx
CVSS 7.5
By Source