Exploitdb Exploits

31,364 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-17440 EXPLOITDB CRITICAL text VERIFIED
D-Link Central WiFi Manager <1.03r0100-Beta1 - RCE
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
by Core Security
CVSS 9.8
CVE-2018-17443 EXPLOITDB MEDIUM text VERIFIED
D-Link Central WiFi Manager <1.03r0100-Beta1 - XSS
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
by Core Security
CVSS 6.1
EIP-2026-105808 EXPLOITDB text VERIFIED
Chamilo LMS 1.11.8 - Cross-Site Scripting
by cakes
CVE-2018-17456 EXPLOITDB CRITICAL text
Malicious Git HTTP Server For CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
by Junio C Hamano
CVSS 9.8
EIP-2026-101884 EXPLOITDB text VERIFIED
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)
by cakes
CVE-2018-17988 EXPLOITDB CRITICAL text
Layerbb - SQL Injection
LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17793 EXPLOITDB text
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
by vr_system
CVE-2018-17591 EXPLOITDB MEDIUM text
AirTies Air 5343v2 <1.0.0.18 - XSS
AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
CVE-2018-17590 EXPLOITDB MEDIUM text
AirTies Air 5442 <1.0.0.18 - XSS
AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
CVE-2018-17588 EXPLOITDB MEDIUM text
AirTies Air 5021 <1.0.0.18 - XSS
AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
CVE-2018-17587 EXPLOITDB MEDIUM text
AirTies Air 5750 <1.0.0.18 - XSS
AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
CVE-2018-17399 EXPLOITDB CRITICAL text
Jimtawl 2.2.7 - SQL Injection
SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17313 EXPLOITDB MEDIUM text
RICOH MP C307 - XSS
On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
by Ismail Tasdelen
CVSS 6.1
EIP-2026-114579 EXPLOITDB text
Zechat 1.5 - 'uname' SQL Injection
by Ihsan Sencan
CVE-2018-17310 EXPLOITDB MEDIUM text
RICOH MP C1803 JPN - XSS
On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
by Ismail Tasdelen
CVSS 6.1
CVE-2018-17593 EXPLOITDB MEDIUM text
AirTies Air 5453 <1.0.0.18 - XSS
AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
EIP-2026-110217 EXPLOITDB text
OPAC EasyWeb Five 5.7 - 'nome' SQL Injection
by Ihsan Sencan
CVE-2018-17428 EXPLOITDB CRITICAL text
OPAC EasyWeb Five <5.7 - SQL Injection
An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter.
by Dino Barlattani
CVSS 9.8
EIP-2026-106041 EXPLOITDB text
Coaster CMS 5.5.0 - Cross-Site Scripting
by Ismail Tasdelen
CVE-2018-17843 EXPLOITDB CRITICAL text
ADD Clicking MLM Software <1.0 - SQL Injection
SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17842 EXPLOITDB CRITICAL text
Scriptzee Hotel Booking Engine 1.0 - SQL Injection
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17840 EXPLOITDB CRITICAL text
Scriptzee Education Website 1.0 - SQL Injection
SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17832 EXPLOITDB MEDIUM text
WUZHI CMS 2.0 - XSS
XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter.
by Renzi
CVSS 6.1
EIP-2026-107187 EXPLOITDB text
Fork CMS 5.4.0 - Cross-Site Scripting
by Ismail Tasdelen
EIP-2026-107151 EXPLOITDB text
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
by Ihsan Sencan
By Source
All 31,364 Writeup 53,536 Exploitdb 50,186 Nomisec 21,428 Metasploit 3,228 Github 2,586 Vulncheck_xdb 904 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,364 ruby 5,960 python 5,948 c 3,580 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 250 shell 95 go 55 postscript 25 xml 24