Exploitdb Exploits
50,076 exploits tracked across all sources.
COMODO Backup <4.4.1.23 - Privilege Escalation
The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference.
by Parvez Anwar
ferretCMS 1.0.4-alpha - Cross-Site Request Forgery in admin.php
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks.
by Steffen Rösemann
Symantec SCSP <5.2.9, SDCS:SA <6.0 MP1 - Auth Bypass
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
by SEC Consult
CMSJunkie J-ClassifiedsManager - Cross-Site Scripting via View Parameter
Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifieds.
by Sarath Nair
ZOHO ManageEngine ServiceDesk Plus <9.0 build 9031 - Info Disclosure
ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.
by Rewterz - Research Group
ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting
by Ertebat Gostar Co
Android < 5.0.1 - Denial of Service via Crafted 802.11 Probe Response Frame
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame.
by Core Security
CVSS 7.5
op5 Monitor/Appliance <1.6.2/<5.5.3 - Command Injection
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
by Metasploit
NPDS Revolution 13 - SQL Injection via Search Query Parameter
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter.
by Narendra Bhati
Exif Pilot 4.7.2 - Buffer Overflow via Long Maker Element in XML File
Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file.
by Osanda Malith Jayathissa
xlinkerz ecommerceMajor - SQL Injection
Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.
by Manish Tanwar
ManageEngine ServiceDesk Plus 9.0 - User Enumeration
by Muhammad Ahmed Siddiqui
ZOHO ManageEngine SDP <9.0.9031 - SQL Injection
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.
by Muhammad Ahmed Siddiqui
Cisco Ironport Appliances - Privilege Escalation
by Glafkos Charalambous
Free Reprintables ArticleFR <3.0.5 - SQL Injection
SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/.
by TranDinhTien
Zhone GPON 2520 R4.0.2.566b - Denial of Service via Old Password Parameter
Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter.
by Kaczinski Ramirez
Pixabay Images <2.4 - Code Injection
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
by Hans-Martin Muench
pixabay_images < 2.3 - Cross-Site Scripting via image_user Parameter
Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.
by Hans-Martin Muench