Exploitdb Exploits
31,346 exploits tracked across all sources.
CI User Login and Management 1.0 - Arbitrary File Upload
by Ihsan Sencan
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
by Ihsan Sencan
Microstrategy Web - Path Traversal
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
by Rafael Pedrero
CVSS 4.3
Grapixel New Media - SQL Injection
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
by Berk Dusunur
CVSS 9.8
Tubigan Welcome TO Our Resort - CSRF
The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit.
by Ihsan Sencan
CVSS 8.8
Open Faculty Evaluation System - SQL Injection
Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757.
by Ihsan Sencan
CVSS 9.8
Open Faculty Evaluation System - SQL Injection
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.
by Ihsan Sencan
CVSS 9.8
Asrock A-tuning < 3.0.210 - Improper Input Validation
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.
by SecureAuth
CVSS 7.8
Asrock A-tuning < 3.0.210 - Incorrect Permission Assignment
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
by SecureAuth
CVSS 7.1
Asrock A-tuning < 3.0.210 - Incorrect Permission Assignment
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
by SecureAuth
CVSS 7.8
Modbustools Modbus Slave - Memory Corruption
Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow.
by Ihsan Sencan
CVSS 7.5
Asrock A-tuning < 3.0.210 - Incorrect Permission Assignment
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
by SecureAuth
CVSS 7.8
School Event Management System - SQL Injection
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
by Ihsan Sencan
CVSS 9.8
School Event Management System - CSRF
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.
by Ihsan Sencan
CVSS 8.8
School Event Management System - Unrestricted File Upload
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
by Ihsan Sencan
CVSS 9.8
School Attendance Monitoring System - SQL Injection
Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view.
by Ihsan Sencan
CVSS 9.8
School Attendance Monitoring System - CSRF
School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.
by Ihsan Sencan
CVSS 8.8
School Attendance Monitoring System - CSRF
School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.
by Ihsan Sencan
CVSS 8.8
Saltos - SQL Injection
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.
by Ihsan Sencan
CVSS 9.8
Saltos - SQL Injection
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.
by Ihsan Sencan
CVSS 9.8
Saltos - Information Disclosure
SaltOS 3.1 r8126 contains a database download vulnerability.
by Ihsan Sencan
CVSS 6.5