Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2017-12785 EXPLOITDB CRITICAL text
NoviWare < 400.2.6 - Authenticated Buffer Overflow via 'show log cli' Command
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.
by François Goichon
CVSS 9.8
CVE-2017-12759 EXPLOITDB CRITICAL text
SOA School Management 3.0 - SQL Injection
Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).
by Ihsan Sencan
CVSS 9.8
CVE-2017-12758 EXPLOITDB CRITICAL text
Joomla! Component Appointment 1.1 - SQL Injection
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.
by Ihsan Sencan
CVSS 9.8
CVE-2017-12757 EXPLOITDB CRITICAL text
Ambit Technologies iTech Scripts - SQL Injection
Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i, Tech Business Networking Script 8.26i, Tech Caregiver Script 2.71i, Tech Classifieds Script 7.41i, Tech Dating Script 3.40i, Tech Freelancer Script 5.27i, Tech Image Sharing Script 4.13i, Tech Job Script 9.27i, Tech Movie Script 7.51i, Tech Multi Vendor Script 6.63i, Tech Social Networking Script 3.08i, and Tech Travel Script 9.49. The impact is: Code execution (remote).
by Ihsan Sencan
CVSS 9.8
CVE-2017-9979 EXPLOITDB MEDIUM text
OSNEXUS QuantaStor < 4.3.0 - Cross-Site Scripting via REST Error Response
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS.
by VVVSecurity
CVSS 6.1
CVE-2017-14680 EXPLOITDB HIGH text
ZKTeco ZKTime Web 2.0.1.12280 - Info Disclosure
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.
by Arvind V
CVSS 7.5
CVE-2017-13129 EXPLOITDB HIGH html
ZKTeco ZKTime Web 2.0.1.12280 - Authenticated Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
by Arvind V
CVSS 8.0
CVE-2016-1960 EXPLOITDB HIGH html
Mozilla Firefox <45.0 - Firefox ESR 38.x <38.7 - RCE
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.
by Hans Jerry Illikainen
CVSS 8.8
EIP-2026-115622 EXPLOITDB python
MessengerScan 1.05 - Local Buffer Overflow (PoC)
by Anurag Srivastava
EIP-2026-115168 EXPLOITDB python
DSScan 1.0 - Local Buffer Overflow (PoC)
by Anurag Srivastava
EIP-2026-109344 EXPLOITDB text
Matrimony Script 2.7 - SQL Injection
by Ihsan Sencan
EIP-2026-109188 EXPLOITDB text
LiveSupport 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109186 EXPLOITDB text
LiveSales 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109185 EXPLOITDB text
LiveProjects 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109183 EXPLOITDB text
LiveInvoices 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109182 EXPLOITDB text
LiveCRM 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-108016 EXPLOITDB text
iTech Travel Script 9.49 - SQL Injection
by Ihsan Sencan
EIP-2026-108007 EXPLOITDB text
iTech Multi Vendor Script 6.63 - SQL Injection
by Ihsan Sencan
EIP-2026-108004 EXPLOITDB text
iTech Movie Script 7.51 - SQL Injection
by Ihsan Sencan
EIP-2026-108001 EXPLOITDB text
iTech Job Script 9.27 - SQL Injection
by Ihsan Sencan
EIP-2026-107997 EXPLOITDB text
iTech Image Sharing Script 4.13 - SQL Injection
by Ihsan Sencan
EIP-2026-107995 EXPLOITDB text
iTech Freelancer Script 5.27 - SQL Injection
by Ihsan Sencan
EIP-2026-107993 EXPLOITDB text
iTech Dating Script 3.40 - SQL Injection
by Ihsan Sencan
EIP-2026-107990 EXPLOITDB text
iTech Classifieds Script 7.41 - SQL Injection
by Ihsan Sencan
EIP-2026-107986 EXPLOITDB text
iTech Business Networking Script 8.26 - SQL Injection
by Ihsan Sencan