Exploitdb Exploits

31,364 exploits tracked across all sources.

CVE-2018-1002007 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002006 EXPLOITDB MEDIUM text
XSS - Privilege Escalation
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002005 EXPLOITDB MEDIUM text
XSS - Bft List Html Php
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002004 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002003 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002002 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002001 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002000 EXPLOITDB HIGH text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - SQL Injection
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
by Larry W. Cashdollar
CVSS 7.2
CVE-2018-1002009 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET request to the email variable.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-17254 EXPLOITDB CRITICAL text VERIFIED
JCK Editor <6.4.4 - SQL Injection
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
by Hamza Megahed
CVSS 9.8
EIP-2026-101885 EXPLOITDB text VERIFIED
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
by cakes
EIP-2026-114103 EXPLOITDB text VERIFIED
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
by Ceylan BOZOĞULLARINDAN
CVE-2018-1321 EXPLOITDB HIGH text
Apache Syncope < 1.2.11 - Improper Input Validation
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x, which may also be affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
by Che-Chun Kuo
CVSS 7.2
CVE-2018-1322 EXPLOITDB MEDIUM text
Apache Syncope < 1.2.11 - Information Disclosure
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x, which may also be affected, can recover sensitive security values using the fiql and orderby parameters.
by Che-Chun Kuo
CVSS 4.9
CVE-2018-1306 EXPLOITDB HIGH text
Apache Pluto < 3.0.1 - Information Disclosure
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
by Che-Chun Kuo
CVSS 7.5
EIP-2026-102803 EXPLOITDB text VERIFIED
Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket
by Google Security Research
EIP-2026-102641 EXPLOITDB text VERIFIED
Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler
by Google Security Research
CVE-2018-10814 EXPLOITDB HIGH text
Synametrics Synaman - Insufficiently Protected Credentials
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
by bzyo
CVSS 7.8
CVE-2018-10763 EXPLOITDB MEDIUM text
Synametrics Synaman - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.
by bzyo
CVSS 4.8
CVE-2018-15596 EXPLOITDB MEDIUM text
Mybb - XSS
An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.
by 0xB9
CVSS 6.1
CVE-2018-1756 EXPLOITDB HIGH text VERIFIED
IBM Security Identity Governance And Intelligence - SQL Injection
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM X-Force ID: 148599.
by Mohamed Sayed
CVSS 7.5
CVE-2018-16836 EXPLOITDB CRITICAL text
Rubedo <3.4.0 - Path Traversal
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.
by Marouene Boubakri
CVSS 9.8
EIP-2026-105416 EXPLOITDB text
Bayanno Hospital Management System 4.0 - Cross-Site Scripting
by Gokhan Sagoglu
CVE-2018-9488 EXPLOITDB HIGH text VERIFIED
Google Android - Incorrect Authorization
In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376.
by Google Security Research
CVSS 7.8
CVE-2018-25282 EXPLOITDB MEDIUM text
Nmap 7.70 Denial of Service via XML Entity Expansion
Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import functionality to cause the program to consume excessive system resources and crash.
by Gionathan Reale
CVSS 6.2