Exploitdb Exploits

4,759 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-115006 EXPLOITDB python
Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)
by Daniel
CVE-2018-15768 EXPLOITDB MEDIUM python VERIFIED
Dell OpenManage Network Manager < 6.5.0 - Insecure MySQL File System Access Control
Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.
by KoreLogic
CVSS 6.5
CVE-2018-7182 EXPLOITDB HIGH python
ntp 4.2.8p6-4.2.8p10 - Denial of Service via Crafted Mode 6 Packet
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
by Magnus Klaaborg Stubman
CVSS 7.5
EIP-2026-118175 EXPLOITDB python
XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)
by Semen Alexandrovich Lyhin
EIP-2026-103364 EXPLOITDB python
CuteFTP Mac 3.1 - Denial of Service (PoC)
by Yair Rodríguez Aparicio
CVE-2018-14665 EXPLOITDB MEDIUM python
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by bolonobolo
CVSS 6.6
CVE-2018-25231 EXPLOITDB MEDIUM python
HeidiSQL 9.5.0.5196 Denial of Service via Preferences
HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences > Logging to trigger an application crash.
by Victor Mondragón
CVSS 6.2
CVE-2018-25193 EXPLOITDB HIGH python
Mongoose Web Server 6.9 - Denial of Service via Multiple Socket Connections
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.
by Ihsan Sencan
CVSS 7.5
EIP-2026-119583 EXPLOITDB python
CuteFTP 9.3.0.3 - Denial of Service (PoC)
by Ismael Nava
CVE-2018-25427 EXPLOITDB CRITICAL python
Arm Whois 3.11 - Stack-based Buffer Overflow via Oversized IP/Domain Input
Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception handler and gain command execution when the application processes the input.
by Semen Alexandrovich Lyhin
CVSS 9.8
CVE-2018-25198 EXPLOITDB MEDIUM python
eToolz 3.4.8.0 - Denial of Service via Oversized Input Buffer
eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application.
by Ihsan Sencan
CVSS 6.2
EIP-2026-119576 EXPLOITDB python
Blue Server 1.1 - Denial of Service (PoC)
by Ihsan Sencan
EIP-2026-116514 EXPLOITDB python
VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC)
by Diego Santamaria
CVE-2018-10517 EXPLOITDB HIGH python
CMS Made Simple < 2.2.7 - Authenticated Remote Code Execution via Module Import XML Package
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
by Lucian Ioan Nitescu
CVSS 7.2
CVE-2018-25232 EXPLOITDB MEDIUM python
Softros LAN Messenger 9.2 Denial of Service via Log Files Location
Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter to trigger a crash when the OK button is clicked.
by Victor Mondragón
CVSS 5.5
CVE-2018-15705 EXPLOITDB MEDIUM python
Advantech WebAccess 8.3.1-8.3.2 - Authenticated Path Traversal and Arbitrary File Write via WADashboard writeFile API
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.
by Chris Lyne
CVSS 6.5
CVE-2018-19037 EXPLOITDB HIGH python
Virgin Media Hub 3.0 Firmware - Denial of Service via Web Interface POST Requests
On Virgin Media wireless router 3.0 hub devices, the web interface is vulnerable to denial of service. When POST requests are sent and keep the connection open, the router lags and becomes unusable to anyone currently using the web interface.
by Ross Inman
CVSS 7.5
CVE-2018-19458 EXPLOITDB HIGH python
php-proxy 3.0.3 - Unauthenticated Local File Inclusion via index.php q Parameter
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
by AkkuS
CVSS 7.5
CVE-2018-15707 EXPLOITDB MEDIUM python
Advantech WebAccess 8.3.1 and 8.3.2 - Cross-Site Scripting in Bwmainleft.asp
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
by Chris Lyne
CVSS 5.4
CVE-2018-25426 EXPLOITDB HIGH python
WinMTR 0.91 Denial of Service via Buffer Overflow
WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers can create a specially crafted input file with 238 bytes of data to trigger a buffer overflow condition that causes the application to crash.
by Ihsan Sencan
CVSS 7.5
EIP-2026-119625 EXPLOITDB python
Zint Barcode Generator 2.6 - Denial of Service (PoC)
by Ihsan Sencan
EIP-2026-119579 EXPLOITDB python
CdCatalog 2.3.1 - Denial of Service (PoC)
by Ihsan Sencan
CVE-2018-25423 EXPLOITDB MEDIUM python
Arm Whois 3.11 Denial of Service via Buffer Overflow
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes into the IP address or domain input field to trigger a denial of service condition.
by Yair Rodríguez Aparicio
CVSS 6.2
CVE-2018-25233 EXPLOITDB MEDIUM python
WebDrive 18.00.5057 Denial of Service via Secure WebDAV
WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username parameter and trigger a connection test to cause the application to crash.
by Victor Mondragón
CVSS 6.2
CVE-2018-18944 EXPLOITDB HIGH python
Artha 1.0.3.0 - Buffer Overflow
Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow.
by Ihsan Sencan
CVSS 7.5
By Source
All 4,759 Writeup 62,507 Exploitdb 50,076 Nomisec 22,463 Github 3,685 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,604 ruby 6,006 c 3,632 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 133 go 73 postscript 25 typescript 25