Text Exploits

31,386 exploits tracked across all sources.

CVE-2018-12529 EXPLOITDB HIGH text
Intex N150 Firmware - Cross-Site Request Forgery
An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings.
by Samrat Das
CVSS 8.8
CVE-2018-12528 EXPLOITDB HIGH text
Intex N150 Firmware - Unrestricted Upload of Dangerous File Type via Backup/Restore Function
An issue was discovered on Intex N150 devices. The backup/restore option does not check the extension of the file uploaded when importing a configuration file backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it.
by Samrat Das
CVSS 8.1
CVE-2018-9958 EXPLOITDB HIGH text VERIFIED
Foxit Reader and PhantomPDF < 9.0.1.1049 - Remote Code Execution via Text Annotation Point Attribute
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.
by mr_me
CVSS 8.8
CVE-2018-12636 EXPLOITDB HIGH text
iThemes Security <7.0.3 - SQL Injection
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
by Çlirim Emini
CVSS 7.2
CVE-2018-11526 EXPLOITDB HIGH text
WordPress Comments Import & Export <2.0.4 - Code Injection
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
by Bhushan B. Patil
CVSS 7.8
CVE-2018-11525 EXPLOITDB HIGH text
Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.
by Bhushan B. Patil
CVSS 7.8
CVE-2018-12904 EXPLOITDB MEDIUM text VERIFIED
Linux Kernel < 4.17.2 - Denial of Service via Nested Virtualization VMEXIT
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.
by Google Security Research
CVSS 4.9
CVE-2018-13032 EXPLOITDB HIGH text
ECESSA ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery via cgi-bin/pl_web.cgi/util_configlogin_act
ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI.
by LiquidWorm
CVSS 8.8
CVE-2018-12705 EXPLOITDB MEDIUM text
DIGISOL DG-BR4000NG - Stored Cross-Site Scripting via SSID Parameter
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).
by Adipta Basu
CVSS 6.1
EIP-2026-101533 EXPLOITDB text
AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
by Wadeek
CVE-2018-12706 EXPLOITDB CRITICAL text
DIGISOL DG-BR4000NG - Buffer Overflow
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.
by Adipta Basu
CVSS 9.8
CVE-2018-12689 EXPLOITDB CRITICAL text
phpLDAPadmin 1.2.2 - LDAP Injection via Login Form Parameters
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
by Berk Dusunur
CVSS 9.8
CVE-2018-12613 EXPLOITDB HIGH text VERIFIED
phpMyAdmin 4.8.x <4.8.2 - Code Injection
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
by VulnSpy
CVSS 8.8
CVE-2018-12604 EXPLOITDB HIGH text
GreenCMS 2.3.0603 - Info Disclosure
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log.
by vr_system
CVSS 7.5
CVE-2018-12617 EXPLOITDB HIGH text
QEMU Guest Agent <2.12.50 - Memory Corruption
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
by Fakhri Zulkifli
CVSS 7.5
CVE-2018-12613 EXPLOITDB HIGH text VERIFIED
phpMyAdmin 4.8.x <4.8.2 - Code Injection
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
by ChaMd5
CVSS 8.8
EIP-2026-103095 EXPLOITDB text
Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution
by Paul Taylor
EIP-2026-103094 EXPLOITDB text
Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution
by Paul Taylor
CVE-2018-1235 EXPLOITDB CRITICAL text
Dell EMC RecoverPoint < 5.1.2 and RecoverPoint for Virtual Machines < 5.1.1.3 - Unauthenticated OS Command Injection
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.
by Paul Taylor
CVSS 9.8
CVE-2018-12630 EXPLOITDB CRITICAL text
nmark NMCMS 2.1 - SQL Injection via sect_id Parameter
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.
by Berk Dusunur
CVSS 9.8
CVE-2018-12524 EXPLOITDB MEDIUM text
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing.
by ManhNho
CVSS 5.3
CVE-2018-12523 EXPLOITDB MEDIUM text
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing.
by ManhNho
CVSS 5.3
CVE-2018-12522 EXPLOITDB MEDIUM text
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing.
by ManhNho
CVSS 5.3
EIP-2026-119450 EXPLOITDB text
VideoInsight WebClient 5 - SQL Injection
by vosec