Exploitdb Exploits
50,076 exploits tracked across all sources.
Mail Masta 1.0 - Authenticated SQL Injection via camp_id Parameter
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to WordPress admin) with the POST Parameter: camp_id.
by Hanley Shun
CVSS 7.2
Mail Masta 1.0 - Authenticated SQL Injection via Filter List Parameter
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to WordPress admin) with the GET Parameter: filter_list.
by Hanley Shun
CVSS 7.2
Mail Masta 1.0 - Unauthenticated SQL Injection via list_id Parameter
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
by Hanley Shun
CVSS 9.8
Sawmill Enterprise 8.7.9 - Authentication Bypass via Password Hash
Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.
by hyp3rlinx
CVSS 9.8
Mail Masta 1.0 - Authenticated SQL Injection via list_id Parameter
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to WordPress admin) with the POST Parameter: list_id.
by Hanley Shun
CVSS 7.2
Joomla! Component Room Management 1.0 - SQL Injection
by Ihsan Sencan
Joomla! Component OS Services Booking 2.5.1 - SQL Injection
by Ihsan Sencan
Joomla! Component Most Wanted Real Estate 1.1.0 - SQL Injection
by Ihsan Sencan
Joomla! Component Joomloc-Lite 1.3.2 - 'site_id' SQL Injection
by Ihsan Sencan
Joomla! Component Joomloc-CAT 4.1.3 - 'ville' SQL Injection
by Ihsan Sencan
Joomla! Component Google Map Store Locator 4.4 - SQL Injection
by Ihsan Sencan
Joomla! Component Bazaar Platform 3.0 - SQL Injection
by Ihsan Sencan
NETGEAR DGN2200 Firmware < 10.0.0.50 - Authenticated OS Command Injection via ping_IPAddr Parameter
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
by SivertPL
CVSS 9.8
Joomla! Component WMT Content Timeline 1.0 - 'id' SQL Injection
by Ihsan Sencan
Joomla! Component Team Display 1.2.1 - 'filter_category' SQL Injection
by Ihsan Sencan
Joomla! Component Groovy Gallery 1.0.0 - SQL Injection
by Ihsan Sencan
MuPDF - Stack-based Buffer Overflow in jstest_main.c
Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.
by Agostino Sarubbo
CVSS 7.8
WordPress Plugin Corner Ad 1.0.7 - Cross-Site Scripting
by Atik Rahman
Joomla! Component Spider FAQ Lite 1.3.1 - SQL Injection
by Ihsan Sencan
Joomla! Component Spider Facebook 1.6.1 - SQL Injection
by Ihsan Sencan
Joomla! Component Spider Catalog Lite 1.8.10 - SQL Injection
by Ihsan Sencan