Exploitdb Exploits

31,364 exploits tracked across all sources.

CVE-2018-16134 EXPLOITDB MEDIUM text VERIFIED
Cybrotech Cybrohttpserver - XSS
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.
by Emre ÖVÜNÇ
CVSS 6.1
CVE-2018-12710 EXPLOITDB HIGH text
D-Link DIR-601 2.02NA - Info Disclosure
An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML.
by Kevin Randall
CVSS 8.0
CVE-2018-15745 EXPLOITDB HIGH text VERIFIED
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
by hyp3rlinx
CVSS 7.5
CVE-2017-1000499 EXPLOITDB HIGH text VERIFIED
phpMyAdmin <4.7.6.1/4.7.7 - CSRF
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
by VulnSpy
CVSS 8.8
EIP-2026-117518 EXPLOITDB text
Microsoft Windows - Advanced Local Procedure Call (ALPC) Local Privilege Escalation
by SandboxEscaper
EIP-2026-103031 EXPLOITDB text
VirtualBox 5.2.6.r120293 - VM Escape
by Reno Robert
CVE-2018-15535 EXPLOITDB HIGH text VERIFIED
Tecrail Responsive Filemanager < 9.13.4 - Path Traversal
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal.
by Simon Uvarov
CVSS 7.5
EIP-2026-119590 EXPLOITDB text
Firefox 55.0.3 - Denial of Service (PoC)
by L0RD
EIP-2026-119421 EXPLOITDB text
Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
by Javier Olmedo
CVE-2018-15536 EXPLOITDB MEDIUM text VERIFIED
Tecrail Responsive Filemanager < 9.13.4 - Path Traversal
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.
by Simon Uvarov
CVSS 5.5
CVE-2018-15845 EXPLOITDB HIGH text
Gleezcms Gleez Cms - CSRF
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
by GunEggWang
CVSS 8.8
CVE-2018-15685 EXPLOITDB HIGH text VERIFIED
Electron < 1.7.16 - Remote Code Execution
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
by Matt Austin
CVSS 8.1
CVE-2018-12827 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <30.0.0.134 - Info Disclosure
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
by Google Security Research
CVSS 7.5
EIP-2026-101974 EXPLOITDB text
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
by Yorick Koster
CVE-2018-15884 EXPLOITDB HIGH text
Ricoh MP C4504ex Firmware - CSRF
RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
by Ismail Tasdelen
CVSS 8.8
CVE-2018-16159 EXPLOITDB CRITICAL text VERIFIED
Codemenschen Gift Vouchers < 2.0.1 - SQL Injection
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
by Renos Nikolaou
CVSS 9.8
CVE-2018-15740 EXPLOITDB MEDIUM text
Zohocorp Manageengine Admanager Plus - XSS
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
by Ismail Tasdelen
CVSS 6.1
CVE-2018-17139 EXPLOITDB HIGH text
UltimatePOS 2.5 - RCE
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.
by Renos Nikolaou
CVSS 8.8
CVE-2018-15608 EXPLOITDB MEDIUM text
Manageengine Admanager Plus - XSS
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
by Ismail Tasdelen
CVSS 6.1
EIP-2026-102107 EXPLOITDB text VERIFIED
Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
by cakes
EIP-2026-119413 EXPLOITDB text
PCViewer vt1000 - Directory Traversal
by Berk Dusunur
EIP-2026-112821 EXPLOITDB text
Twitter-Clone 1 - 'code' SQL Injection
by L0RD
EIP-2026-102578 EXPLOITDB text VERIFIED
Epiphany Web Browser 3.28.1 - Denial of Service (PoC)
by Dhiraj Mishra
CVE-2018-0952 EXPLOITDB HIGH text VERIFIED
Microsoft Windows and Visual Studio <2016 - Elevation of Privilege
An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.
by Atredis Partners
CVSS 7.8
EIP-2026-102846 EXPLOITDB text VERIFIED
Ghostscript - Multiple Vulnerabilities
by Google Security Research