Exploitdb Exploits
50,076 exploits tracked across all sources.
PHP Ticket System Beta 1 - 'get_all_created_by_user.php?id' SQL Injection
by HauntIT
SpagoBI < 4.1 - Privilege Escalation via AdapterHTTP Script
SpagoBI before 4.1 allows privilege escalation via an error in the AdapterHTTP script.
by Christian Catalano
CVSS 8.8
Plex Media Server < 0.9.9.2 - Server-Side Request Forgery and Authentication Bypass via X-Plex-Url Header
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server.
by SEC Consult
MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation
by SEC Consult
Ganesha Digital Library 4.2 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php.
by ByEge
Bluetooth Photo Share Pro 2.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Symantec Endpoint Protection Manager 11.0-11.0.7405.1424 and 12.1-12.1.4023.4080 - Authenticated SQL Injection
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
by Metasploit
Symantec Endpoint Protection Manager < 11.0.7405.1424 and 12.1 < 12.1.4023.4080 - XML External Entity Injection
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Metasploit
Gold MP4 Player 3.3 - Buffer Overflow (PoC) (SEH)
by Gabor Seljan
POSH < 3.2.1 - SQL Injection via RSS URL Parameter
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.
by Anthony BAUBE
Piwigo < 2.6.2 - Cross-Site Request Forgery via User Addition in Administration Panel
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
by killall-9
CVSS 6.5
Notepad++ CCompletion Plugin 1.19 - Local Stack Buffer Overflow
by tishion
Sendy 1.1.8.4 - SQL Injection via i Parameter
SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter.
by Hurley
Private Camera Pro 5.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Technicolor TC7200 - Info Disclosure
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
by Jeroen - IT Nerdbox
CVSS 7.5
Python <2.7.7, <3.3.4, <3.4rc1 - Buffer Overflow
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
by Sha0
Symantec Endpoint Protection Manager < 11.0.7405.1424 and 12.1 < 12.1.4023.4080 - XML External Entity Injection
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Chris Graham
Symantec Endpoint Protection Manager 11.0-11.0.7405.1424 and 12.1-12.1.4023.4080 - Authenticated SQL Injection
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
by Chris Graham
Ultra Mini HTTPD 1.21 - Buffer Overflow
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
by OJ Reeves
SolidWorks Workgroup PDM 2014 - Unauthenticated Path Traversal and Arbitrary File Write via File Upload
Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload.
by Mohamed Shetta