Exploitdb Exploits
50,091 exploits tracked across all sources.
ManageEngine Security Manager Plus 5.5 build 5505 - Remote Root/SYSTEM SQL Injection
by xistence
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation
by halfdog
OTRS Help Desk <2.4.15, <3.0.17, <3.1.11 - XSS
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
by Mike Eduard
Broadcom WIDCOMM Bluetooth - 'btkrnl.sys' Driver Privilege Escalation
by Nikita Tarakanov
WordPress Plugin Wordfence Security - Cross-Site Scripting
by MustLive
WordPress Plugin FireStorm Professional Real Estate 2.06.01 - SQL Injection
by Ashiyane Digital Security Team
BSW Gallery - 'uploadpic.php' Arbitrary File Upload
by cr4wl3r
Amateur Photographer's Image Gallery - 'plist.php?albumid' SQL Injection
by cr4wl3r
Amateur Photographer's Image Gallery - 'plist.php?albumid' Cross-Site Scripting
by cr4wl3r
Amateur Photographer's Image Gallery - 'fullscreen.php?albumid' SQL Injection
by cr4wl3r
Amateur Photographer's Image Gallery - 'force-download.php?File' Information Disclosure
by cr4wl3r
Oracle Database Server - Info Disclosure
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
by Esteban Martinez Fayo
WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities
by waraxe
jcore < 1.0 - Cross-Site Scripting via Admin Index Path Parameter
Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
by High-Tech Bridge
Oracle WebCenter Sites - Info Disclosure
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3185.
by SEC Consult
Trustwave ModSecurity < 2.7.0 - Rule Bypass via Malformed Multipart Request
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
by Bernhard Mueller
ManageEngine Support Center Plus 7908 - Multiple Vulnerabilities
by xistence
Project Pier <0.8.8 - Unauthenticated RCE
Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files directly into a web-accessible directory. The uploaded file is stored with a predictable suffix and can be executed by requesting its URL, resulting in remote code execution.
by Metasploit
AjaXplorer < 2.6 - Unauthenticated Remote Code Execution via access.ssh checkInstall.php destServer Parameter
An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process.
by Metasploit
Samsung Kies <2.5.0.12094 - Privilege Escalation
Samsung Kies before 2.5.0.12094_27_11 has registry modification.
by High-Tech Bridge SA
CVSS 7.5
Microsoft Windows - Escalate Service Permissions Privilege Escalation (Metasploit)
by Metasploit
Ezhometech EzServer 7.0 - Remote Code Execution via AMF Request memcpy Overflow
A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service
by Lorenzo Cantoni
CVSS 9.8
WANem - Multiple Cross-Site Scripting Vulnerabilities
by Brendan Coles
By Source