Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-5756 EXPLOITDB MEDIUM text
Open-xchange Appsuite < 7.6.3 - Improper Privilege Management
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.
by Open-Xchange
CVSS 4.3
EIP-2026-113795 EXPLOITDB text
WordPress Plugin Google Map < 4.0.4 - SQL Injection
by defensecode
CVE-2018-12111 EXPLOITDB MEDIUM text
Canon EFI PrintMe - Stored Cross-Site Scripting via PATH_INFO to /wt3/mydocs.php
Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI.
by Huy Kha
CVSS 6.1
CVE-2018-25348 EXPLOITDB HIGH text
Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail
Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values containing SQL commands to extract sensitive database information.
by 41!kh4224rDz
CVSS 8.2
CVE-2018-10969 EXPLOITDB CRITICAL text
Pie Register < 3.0.10 - SQL Injection via Invitation Codes Grid
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.
by Manuel García Cárdenas
CVSS 9.8
CVE-2018-12055 EXPLOITDB CRITICAL text
PHP Scripts Mall Schools Alert Mgmt - SQL Injection
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.
by M3@Pandas
CVSS 9.8
CVE-2018-12054 EXPLOITDB HIGH text
PHP Scripts Mall Schools Alert Mgt - Path Traversal
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
by M3@Pandas
CVSS 7.5
CVE-2018-12053 EXPLOITDB HIGH text
PHP Scripts Mall Schools Alert Mgmt - Path Traversal
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.
by M3@Pandas
CVSS 7.5
CVE-2018-12052 EXPLOITDB CRITICAL text
PHP Scripts Mall Schools Alert Mgt - SQL Injection
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.
by M3@Pandas
CVSS 9.8
EIP-2026-106934 EXPLOITDB text
Event Manager Admin panel - 'events_new.php' SQL injection
by telahdihapus
CVE-2018-10507 EXPLOITDB MEDIUM text VERIFIED
Trend Micro OfficeScan <11.0 SP1 - Privilege Escalation
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.
by hyp3rlinx
CVSS 4.4
CVE-2018-6129 EXPLOITDB MEDIUM text VERIFIED
Google Chrome <67.0.3396.62 - Memory Corruption
Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
by Google Security Research
CVSS 6.5
CVE-2018-6130 EXPLOITDB MEDIUM text VERIFIED
Google Chrome <67.0.3396.62 - Memory Corruption
Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
by Google Security Research
CVSS 6.5
CVE-2018-11409 EXPLOITDB MEDIUM text
Splunk < 7.0.1 - Unauthenticated Information Disclosure via Server Info Endpoint
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
by KoF2002
CVSS 5.3
CVE-2018-25347 EXPLOITDB HIGH text
WordPress Contact Form Maker Plugin 1.12.20 SQL Injection
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'search_labels' parameters to extract sensitive database information or escalate privileges.
by defensecode
CVSS 7.1
CVE-2018-25346 EXPLOITDB HIGH text
WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php
WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generete_csv actions. Attackers can submit POST requests with malicious SQL payloads in the name and search_labels parameters to extract, modify, or escalate privileges within the WordPress database.
by defensecode
CVSS 7.1
CVE-2018-11544 EXPLOITDB CRITICAL text
The Olive Tree Ftp Server 1.32 - Insufficiently Protected Credentials in Shared Preferences
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.
by ManhNho
CVSS 9.8
EIP-2026-113178 EXPLOITDB text
WampServer 3.0.6 - Cross-Site Request Forgery
by L0RD
CVE-2018-7584 EXPLOITDB CRITICAL text VERIFIED
PHP < 5.6.33, 7.0.x < 7.0.28, 7.1.x <= 7.1.14, 7.2.x <= 7.2.2 - Stack-Based Buffer Under-Read in HTTP Response Parsing
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.
by Wei Lei and Liu Yang
CVSS 9.8
CVE-2018-4241 EXPLOITDB HIGH text VERIFIED
Apple tvOS < 11.4 - Kernel Buffer Overflow in mptcp_usr_connectx
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2018-11715 EXPLOITDB MEDIUM text VERIFIED
Recent Threads < 1.1 - Cross-Site Scripting via Thread Subject
The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject.
by 0xB9
CVSS 5.4
CVE-2018-11646 EXPLOITDB HIGH text
WebKitGTK+ <2.21.3 - Use After Free
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.
by Dhiraj Mishra
CVSS 7.5
CVE-2018-11412 EXPLOITDB MEDIUM text
Linux Kernel 4.13-4.16.11 - Use-After-Free in ext4_read_inline_data
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
by Google Security Research
CVSS 5.9
CVE-2018-11586 EXPLOITDB CRITICAL text
SearchBlox 8.6.7 - Unauthenticated XML External Entity Injection via REST API Status Endpoint
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
by Ahmet Gurel
CVSS 9.8
CVE-2018-11628 EXPLOITDB MEDIUM text
EMS Master Calendar < 8.0.0.201805210 - Cross-Site Scripting via URL Parameters
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.
by Chris Barretto
CVSS 6.1