Exploitdb Exploits

31,364 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-0982 EXPLOITDB HIGH text VERIFIED
Microsoft Windows 10 - Incorrect Permission Assignment
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.0
EIP-2026-111728 EXPLOITDB text
Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload
by h0n1gsp3cht
CVE-2018-5755 EXPLOITDB MEDIUM text
Open-Xchange OX App Suite <7.6.3-rev3-7.8.4-rev4 - Path Traversal
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.
by Open-Xchange
CVSS 5.5
CVE-2018-5754 EXPLOITDB MEDIUM text
Open-Xchange OX App Suite <7.8.3-rev12 & <7.8.4-rev9 - XSS
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.
by Open-Xchange
CVSS 5.4
CVE-2018-5753 EXPLOITDB MEDIUM text
Open-Xchange OX App Suite <7.6.3-7.8.4 - Info Disclosure
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.
by Open-Xchange
CVSS 6.5
CVE-2018-5752 EXPLOITDB HIGH text
Open-Xchange OX App Suite <7.6.3-7.8.4 - SSRF
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.
by Open-Xchange
CVSS 8.8
CVE-2018-5751 EXPLOITDB MEDIUM text
Open-Xchange OX App Suite <7.6.3-7.8.4 - Info Disclosure
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.
by Open-Xchange
CVSS 6.5
CVE-2017-17062 EXPLOITDB MEDIUM text
Open-xchange Appsuite < 7.6.3 - XSS
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.
by Open-Xchange
CVSS 6.5
CVE-2018-5756 EXPLOITDB MEDIUM text
Open-xchange Appsuite < 7.6.3 - Improper Privilege Management
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.
by Open-Xchange
CVSS 4.3
EIP-2026-114134 EXPLOITDB text
WordPress Plugin Ultimate Form Builder Lite < 1.3.7 - SQL Injection
by defensecode
EIP-2026-113795 EXPLOITDB text
WordPress Plugin Google Map < 4.0.4 - SQL Injection
by defensecode
EIP-2026-108637 EXPLOITDB text
Joomla! Component EkRishta 2.10 - 'username' SQL Injection
by L0RD
CVE-2018-12111 EXPLOITDB MEDIUM text
Canon PrintMe EFI - XSS
Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI.
by Huy Kha
CVSS 6.1
CVE-2018-10969 EXPLOITDB CRITICAL text
Genetechsolutions Pie Register < 3.0.10 - SQL Injection
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.
by Manuel García Cárdenas
CVSS 9.8
CVE-2018-12055 EXPLOITDB CRITICAL text
PHP Scripts Mall Schools Alert Mgmt - SQL Injection
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.
by M3@Pandas
CVSS 9.8
CVE-2018-12054 EXPLOITDB HIGH text
PHP Scripts Mall Schools Alert Mgt - Path Traversal
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
by M3@Pandas
CVSS 7.5
CVE-2018-12053 EXPLOITDB HIGH text
PHP Scripts Mall Schools Alert Mgmt - Path Traversal
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.
by M3@Pandas
CVSS 7.5
CVE-2018-12052 EXPLOITDB CRITICAL text
PHP Scripts Mall Schools Alert Mgt - SQL Injection
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.
by M3@Pandas
CVSS 9.8
EIP-2026-108636 EXPLOITDB text
Joomla! Component EkRishta 2.10 - 'cid' SQL Injection
by 41!kh4224rDz
EIP-2026-106934 EXPLOITDB text
Event Manager Admin panel - 'events_new.php' SQL injection
by telahdihapus
CVE-2018-10507 EXPLOITDB MEDIUM text VERIFIED
Trend Micro OfficeScan <11.0 SP1 - Privilege Escalation
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.
by hyp3rlinx
CVSS 4.4
CVE-2018-6129 EXPLOITDB MEDIUM text VERIFIED
Google Chrome <67.0.3396.62 - Memory Corruption
Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
by Google Security Research
CVSS 6.5
CVE-2018-6130 EXPLOITDB MEDIUM text VERIFIED
Google Chrome <67.0.3396.62 - Memory Corruption
Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
by Google Security Research
CVSS 6.5
CVE-2018-11409 EXPLOITDB MEDIUM text
Splunk < 7.0.1 - Information Disclosure
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
by KoF2002
CVSS 5.3
CVE-2018-11544 EXPLOITDB CRITICAL text
Theolivetree FTP Server - Insufficiently Protected Credentials
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.
by ManhNho
CVSS 9.8
By Source
All 31,364 Writeup 54,687 Exploitdb 50,186 Nomisec 21,443 Metasploit 3,228 Github 2,587 Vulncheck_xdb 904 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,364 ruby 5,960 python 5,949 c 3,580 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 250 shell 95 go 55 postscript 25 xml 24