Exploitdb Exploits
50,076 exploits tracked across all sources.
Progress Sitefinity CMS <10.1 - XSS
Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages Parameter : Image Title, /Content/links Parameter : Link Title, or /Content/Videos/LibraryVideos/default-video-library Parameter : Video Title.
by Pralhad Chaskar
CVSS 6.1
Malicious Git HTTP Server For CVE-2017-1000117
A malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
by Metasploit
CVSS 8.8
Huge-IT Video Gallery v1.0.9 - SQL Injection
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
by Larry W. Cashdollar
CVSS 9.8
Huge-IT Catalog <1.0.7 - SQL Injection
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla
by Larry W. Cashdollar
CVSS 9.8
Huge-IT Portfolio Gallery Plugin <1.0.6 - SQL Injection
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
by Larry W. Cashdollar
CVSS 9.8
IBM Notes 8.5 and 9.0 - Denial of Service via Malicious Link
IBM Notes 8.5 and 9.0 are vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.
by Dhiraj Mishra
CVSS 6.5
IBM Notes 8.5-9.0 - Denial of Service via Malicious Link
IBM Notes 8.5 and 9.0 are vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes, which would cause the client to hang and have to be restarted. IBM X-Force ID: 121371.
by Dhiraj Mishra
CVSS 6.5
Joomla! Component Quiz Deluxe 3.7.4 SQL Injection
Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flag_question task. Attackers can inject malicious SQL code via the stu_quiz_id or flag_quest parameters to manipulate database queries and extract sensitive information.
by Ihsan Sencan
CVSS 8.2
Rapid7 Metasploit < 4.14.1 - Cross-Site Request Forgery via Logout Function
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
by Dhiraj Mishra
CVSS 6.5
Joomla! Component Joomanager 2.0.0 - 'com_Joomanager' Arbitrary File Download (PoC)
by Ihsan Sencan
Invoice Manager 3.1 - Cross-Site Request Forgery (Add Admin)
by Ali BawazeEer
Oracle JDK 6u161, 7u151, 8u144, 9 and Java SE Embedded 8u144 - Unauthenticated Partial Denial of Service via Networking
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
by SecuriTeam
CVSS 5.3
User Login and Management - Multiple Vulnerabilities
by Ali BawazeEer
D-Link DIR-600 B1 v2.x - Unauthenticated Path Traversal via __show_info.php REQUIRE_FILE Parameter
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
by Jithin D Kurup
CVSS 9.8
QNAP Transcode Server - Command Execution (Metasploit)
by Metasploit
Easy WMV/ASF/ASX to DVD Burner 2.3.11 - Local Buffer Overflow (SEH)
by Touhid M.Shaikh
Easy Vedio to PSP Converter 1.6.20 - Local Buffer Overflow (SEH)
by Kishan Sharma
Easy RM RMVB to DVD Burner 1.8.11 - Local Buffer Overflow (SEH)
by Touhid M.Shaikh
WYSIWYG HTML Editor PRO 1.0 - Arbitrary File Download
by Ihsan Sencan
Schools Alert Management Script - Authentication Bypass
by Ali BawazeEer