Exploitdb Exploits
50,076 exploits tracked across all sources.
Intellinet NFC-30ir IP Camera - RCE
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.
by Dimitri Fousekis
CVSS 9.8
D-Link DWR-116 Firmware - Unauthenticated Path Traversal via UIR GET Request
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.
by Patryk Bogdan
CVSS 7.5
QNAP QTS < 4.2.4 - OS Command Injection
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
by Harry Sintonen
CVSS 9.8
Moodle 2.x-3.x - SQL Injection via User Preferences
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
by Marko Belzetski
CVSS 9.8
Cesanta Mongoose Library <6.7 & OS <1.2 Use-After-Free via Multipart POST
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.
by Compass Security
CVSS 7.5
HelpDEZk 1.1.1 - Cross-Site Request Forgery in Admin Person Management
HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
by rungga_reksya
CVSS 8.8
Spiceworks Inventory <7.5 - Path Traversal
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
by hyp3rlinx
CVSS 9.8
HelpDEZk 1.1.1 - Cross-Site Request Forgery in Logo Upload
HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code.
by rungga_reksya
CVSS 8.8
Faveo 1.9.3 - Cross-Site Request Forgery in Role Change Admin
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.
by rungga_reksya
CVSS 8.0
D-Link DIR-615 Firmware 20.09 - Cross-Site Request Forgery
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF). This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password.
by Pratik S. Shah
CVSS 8.8
iPhone OS < 10.2.1 and Safari < 10.0.3 - Same Origin Policy Bypass in WebKit
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
by Google Security Research
CVSS 6.5
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
Safari < 10.1 - Universal Cross-Site Scripting via Crafted Frame Objects
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects.
by Google Security Research
CVSS 6.1
Safari < 10.1 - Same Origin Policy Bypass via WebKit
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
by Google Security Research
CVSS 6.5