Exploitdb Exploits
50,076 exploits tracked across all sources.
phpATM 1.32 (Windows) - Arbitrary File Upload / Remote Command Execution
by Paolo Massenio
op5 7.1.9 - Configuration Command Execution (Metasploit)
by Metasploit
Tiki Wiki CMS <14.1-6.14 - Command Injection
An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14 via the `viewmode` GET parameter in `tiki-calendar.php`. When the calendar module is enabled and an authenticated user has permission to access it, an attacker can inject and execute arbitrary PHP code. Successful exploitation leads to remote code execution in the context of the web server user.
by Dany Ouellet
Gemalto Sentinel License Manager 18.0.1.55505 - Directory Traversal
by LiquidWorm
SlimCMS 0.1 - Cross-Site Request Forgery (Change Admin Password)
by Avinash Thapa
SolarWinds Virtualization Manager <6.3.1 - Privilege Escalation
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."
by Nate Kettlewell
CVSS 7.8
ATCOM PBX IP01 / IP08 / IP4 / IP2G4A - Authentication Bypass
by i-Hmx
AdobeUpdateService 3.6.0.248 - Unquoted Service Path Privilege Escalation
by Cyril Vallicari
Windows - Local Privilege Escalation via Win32k Bitmap Use-After-Free
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0174, and CVE-2016-0196.
by Nils Sommer
CVSS 7.8
Windows Kernel-Mode Drivers - Local Privilege Escalation via Crafted Application
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0173, CVE-2016-0174, and CVE-2016-0196.
by Nils Sommer
CVSS 7.8
Ultrabenosaurus ChatBoard - Persistent Cross-Site Scripting
by HaHwul
Ultrabenosaurus ChatBoard - Cross-Site Request Forgery (Send Message)
by HaHwul
PHPLive 4.4.8 < 4.5.4 - Password Recovery SQL Injection
by Tiago Carvalho
Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection
by Hamed Izadi
BookingWizz Booking System < 5.5 - Multiple Vulnerabilities
by Mehmet Ince
Bomgar Remote Support < 14.3.2 - Remote Code Execution via PHP Deserialization
Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts.
by Markus Wulftange
Google Chrome - GPU Process MailboxManagerImpl Double-Read
by Google Security Research
Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities
by LiquidWorm
Oracle Orakill.exe 11.2.0 - Buffer Overflow (PoC)
by hyp3rlinx
WordPress Plugin Social Stream 1.5.15 - wp_options Overwrite
by wp0Day.com