Exploitdb Exploits
50,076 exploits tracked across all sources.
Google Android - RKP Information Disclosure via s2-remapping Physical Ranges
by Google Security Research
Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption
by Google Security Research
AlienVault OSSIM & USM <5.3.2 - Code Injection
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
by Mehmet Ince
CVSS 9.8
Billion / TrueOnline / ZyXEL Routers - Multiple Vulnerabilities
by Pedro Ribeiro
Itech B2B Script 4.28 - SQL Injection
A vulnerability was found in Itech B2B Script 4.28. It has been rated as critical. This issue affects some unknown processing of the file /catcompany.php. The manipulation of the argument token with the input 704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
by Kaan KAMIS
CVSS 6.3
Itech Classifieds Script 7.27 - SQL Injection
A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. Affected is an unknown function of the file /subpage.php. The manipulation of the argument scat with the input =51' AND 4941=4941 AND 'hoCP'='hoCP leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by Kaan KAMIS
CVSS 6.3
Itech Dating Script 3.26 - SQL Injection
A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
by Kaan KAMIS
CVSS 6.3
Itech Freelancer Script 5.13 - SQL Injection
A vulnerability, which was classified as critical, has been found in Itech Freelancer Script 5.13. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument sk leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
by Kaan KAMIS
CVSS 6.3
Itech Multi Vendor Script 6.49 - SQL Injection
A vulnerability was found in Itech Multi Vendor Script 6.49 and classified as critical. This issue affects some unknown processing of the file /multi-vendor-shopping-script/product-list.php. The manipulation of the argument pl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
by Kaan KAMIS
CVSS 6.3
Itech News Portal 6.28 - SQL Injection
A vulnerability was found in Itech News Portal 6.28. It has been classified as critical. Affected is an unknown function of the file /news-portal-script/information.php. The manipulation of the argument inf leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by Kaan KAMIS
CVSS 6.3
Itech Real Estate Script 3.12 - SQL Injection
A vulnerability was found in Itech Real Estate Script 3.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /real-estate-script/search_property.php. The manipulation of the argument property_for leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
by Kaan KAMIS
CVSS 6.3
PEAR Base System 1.10.1 - Arbitrary File Overwrite via Unvalidated Redirect Response
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
by hyp3rlinx
CVSS 7.5
Itech Dating Script 3.26 - 'send_gift.php' SQL Injection
by Ihsan Sencan
HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download
by Mariusz Poplawski
NETGEAR R8500-R8000 - Info Disclosure
An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions.
by Trustwave's SpiderLabs
CVSS 8.1
By Source