Text Exploits

31,346 exploits tracked across all sources.

CVE-2018-25139 EXPLOITDB HIGH text
FLIR AX8 Thermal Camera <1.32.16 - Info Disclosure
FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage.
by LiquidWorm
CVSS 7.5
CVE-2018-25137 EXPLOITDB HIGH text
FLIR Brickstream 3D+ <2.1.742.1842 - Info Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authentication bypass and privilege escalation.
by LiquidWorm
CVSS 7.5
CVE-2018-25136 EXPLOITDB HIGH text
FLIR Brickstream 3D+ <2.1.742.1842 - Info Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images by directly accessing multiple image endpoints like middleImage.jpg, rightimage.jpg, and leftimage.jpg.
by LiquidWorm
CVSS 7.5
EIP-2026-109362 EXPLOITDB text
MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
by Ihsan Sencan
EIP-2026-109040 EXPLOITDB text
KORA 2.7.0 - 'cid' SQL Injection
by Ihsan Sencan
EIP-2026-106061 EXPLOITDB text
College Notes Management System 1.0 - 'user' SQL Injection
by Ihsan Sencan
CVE-2018-18324 EXPLOITDB MEDIUM text
Webpanel - XSS
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.
by seccops
CVSS 6.1
EIP-2026-104897 EXPLOITDB text
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
EIP-2026-104896 EXPLOITDB text
Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection
by Ihsan Sencan
EIP-2026-101735 EXPLOITDB text
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
by LiquidWorm
EIP-2026-114694 EXPLOITDB text
CAMALEON CMS 2.4 - Cross-Site Scripting
by Ismail Tasdelen
CVE-2018-17784 EXPLOITDB MEDIUM text
SugarCRM Community Edition 6.5.26 - XSS
Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
by Purplemet Security
CVSS 6.1
EIP-2026-109228 EXPLOITDB text
LUYA CMS 1.0.12 - Cross-Site Scripting
by Ismail Tasdelen
EIP-2026-107554 EXPLOITDB text
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
by Ihsan Sencan
EIP-2026-107553 EXPLOITDB text
HaPe PKH 1.1 - Arbitrary File Upload
by Ihsan Sencan
EIP-2026-107552 EXPLOITDB text
HaPe PKH 1.1 - 'id' SQL Injection
by Ihsan Sencan
CVE-2018-16210 EXPLOITDB MEDIUM text
Wago 750-362 Firmware < 05 - XSS
WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
by SecuNinja
CVSS 6.1
CVE-2018-8533 EXPLOITDB MEDIUM text VERIFIED
Microsoft SQL Server Management Studio <18 - Info Disclosure
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532.
by hyp3rlinx
CVSS 5.5
CVE-2018-8532 EXPLOITDB MEDIUM text VERIFIED
Microsoft SQL Server Management Studio <18.0 - Info Disclosure
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.
by hyp3rlinx
CVSS 5.5
CVE-2018-8527 EXPLOITDB MEDIUM text VERIFIED
Microsoft SQL Server Management Studio <18.0 - Info Disclosure
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533.
by hyp3rlinx
CVSS 5.5
EIP-2026-113430 EXPLOITDB text
Wikidforum 2.20 - Cross-Site Scripting
by Amir Hossein Mahboubi
CVE-2018-9206 EXPLOITDB CRITICAL text VERIFIED
Blueimp jQuery-File-Upload <=9.22.0 - File Upload
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
by Larry W. Cashdollar
CVSS 9.8
EIP-2026-106637 EXPLOITDB text
E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection
by Ihsan Sencan
CVE-2018-12596 EXPLOITDB CRITICAL text
Episerver Ektron Cms - Improper Privilege Management
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).
by alt3kx
CVSS 9.8
EIP-2026-100049 EXPLOITDB text VERIFIED
WhatsApp - RTP Processing Heap Corruption
by Google Security Research