Exploitdb Exploits

31,364 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-6226 EXPLOITDB MEDIUM text VERIFIED
Trendmicro Email Encryption Gateway - XSS
Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems.
by Core Security
CVSS 5.4
CVE-2018-6225 EXPLOITDB MEDIUM text VERIFIED
Trendmicro Email Encryption Gateway - XXE
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.
by Core Security
CVSS 4.3
CVE-2018-6224 EXPLOITDB HIGH text VERIFIED
Trendmicro Email Encryption Gateway - CSRF
A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain.
by Core Security
CVSS 8.8
CVE-2018-6223 EXPLOITDB CRITICAL text VERIFIED
Trendmicro Email Encryption Gateway - Missing Authentication
A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.
by Core Security
CVSS 9.8
CVE-2018-6222 EXPLOITDB HIGH text VERIFIED
Trendmicro Email Encryption Gateway - OS Command Injection
Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.
by Core Security
CVSS 7.8
CVE-2018-6221 EXPLOITDB HIGH text VERIFIED
Trendmicro Email Encryption Gateway - Improper Certificate Validation
An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own.
by Core Security
CVSS 8.1
CVE-2018-6220 EXPLOITDB CRITICAL text VERIFIED
Trendmicro Email Encryption Gateway - Injection
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.
by Core Security
CVSS 9.8
CVE-2018-6219 EXPLOITDB MEDIUM text VERIFIED
Trendmicro Email Encryption Gateway - Improper Certificate Validation
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.
by Core Security
CVSS 6.5
EIP-2026-119412 EXPLOITDB text
Parallels Remote Application Server 15.5 - Path Traversal
by Nicolas Markitanis
CVE-2018-7289 EXPLOITDB LOW text
Armadito 0.12.7.2 - Info Disclosure
An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens because characters that cannot be converted from Unicode are replaced with '?' characters.
by Souhail Hammou
CVSS 3.3
CVE-2018-7317 EXPLOITDB HIGH text
Christianwebministries Proclaim - Information Disclosure
Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/.
by Ihsan Sencan
CVSS 7.5
CVE-2018-7316 EXPLOITDB CRITICAL text
Christianwebministries Proclaim - Unrestricted File Upload
Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7314 EXPLOITDB CRITICAL text
Mlwebtechnologies Prayercenter - SQL Injection
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7319 EXPLOITDB CRITICAL text
OS Property Real Estate - SQL Injection
SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7315 EXPLOITDB CRITICAL text
Harmistechnology EK Rishta - SQL Injection
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7313 EXPLOITDB CRITICAL text
Cwjoomla CW Tags - SQL Injection
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7318 EXPLOITDB CRITICAL text
Belitsoft Checklist - SQL Injection
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7312 EXPLOITDB CRITICAL text
Alexandriabooklibrary Alexandria Book Library - SQL Injection
SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6230 EXPLOITDB MEDIUM text VERIFIED
Trendmicro Email Encryption Gateway - SQL Injection
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
by Core Security
CVSS 6.8
CVE-2018-0826 EXPLOITDB HIGH text VERIFIED
Windows Storage Services - Privilege Escalation
Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
CVE-2018-0823 EXPLOITDB HIGH text VERIFIED
Windows 10 <1709 - Privilege Escalation
The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "Named Pipe File System Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
CVE-2018-0822 EXPLOITDB HIGH text VERIFIED
NTFS - Privilege Escalation
NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
CVE-2018-0821 EXPLOITDB HIGH text VERIFIED
Microsoft Windows 10 - Improper Privilege Management
AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
EIP-2026-104143 EXPLOITDB text VERIFIED
μTorrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information Disclosure
by Google Security Research
CVE-2018-7198 EXPLOITDB MEDIUM text
October < 1.0.431 - XSS
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.
by Samrat Das
CVSS 6.1
By Source
All 31,364 Writeup 55,491 Exploitdb 50,186 Nomisec 21,460 Metasploit 3,228 Github 2,591 Vulncheck_xdb 904 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,364 ruby 5,960 python 5,953 c 3,580 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 250 shell 95 go 55 postscript 25 xml 24