Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-118175 EXPLOITDB python
XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)
by Semen Alexandrovich Lyhin
CVE-2018-15437 EXPLOITDB MEDIUM c VERIFIED
Cisco Immunet & AMP for Endpoints - Resource Consumption in System Scanning
A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion.
by hyp3rlinx
CVSS 5.5
EIP-2026-113316 EXPLOITDB text
Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
EIP-2026-112501 EXPLOITDB text
Surreal ToDo 0.6.1.2 - SQL Injection
by Ihsan Sencan
EIP-2026-112173 EXPLOITDB text
SIPve 0.0.2-R19 - SQL Injection
by Ihsan Sencan
CVE-2018-19135 EXPLOITDB HIGH text
Clippercms - Cross-Site Request Forgery
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory.
by Ameer Pornillos
CVSS 8.8
CVE-2018-18774 EXPLOITDB MEDIUM text
Webpanel < 0.9.8.740 - XSS
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.
by InfinitumIT
CVSS 6.1
EIP-2026-103364 EXPLOITDB python
CuteFTP Mac 3.1 - Denial of Service (PoC)
by Yair Rodríguez Aparicio
CVE-2018-14665 EXPLOITDB MEDIUM python
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by bolonobolo
CVSS 6.6
CVE-2017-1000083 EXPLOITDB HIGH text VERIFIED
Evince CBT File Command Injection
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
by Matlink
CVSS 7.8
CVE-2018-25430 EXPLOITDB HIGH text
Paroiciel 11.20 - Authenticated SQL Injection via eGeqIdEquipe Parameter
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive database information including version details and other data.
by Ihsan Sencan
CVSS 7.1
CVE-2018-25429 EXPLOITDB HIGH text
Paroiciel 11.20 - Authenticated SQL Injection via zProIdPro Parameter
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract sensitive database information including usernames, databases, and version details.
by Ihsan Sencan
CVSS 7.1
CVE-2018-25428 EXPLOITDB HIGH text
Paroiciel 11.20 - Unauthenticated SQL Injection via tRecIdListe Parameter
Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database information including table and column names.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25231 EXPLOITDB MEDIUM python
HeidiSQL 9.5.0.5196 Denial of Service via Preferences
HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences > Logging to trigger an application crash.
by Victor Mondragón
CVSS 6.2
CVE-2018-25196 EXPLOITDB HIGH text
ServerZilla 1.0 - Unauthenticated SQL Injection via Email Parameter
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authentication and extract sensitive database information.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25194 EXPLOITDB HIGH text
Nominas 0.27 - Unauthenticated SQL Injection via Username Parameter
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogin.php endpoint with crafted UNION-based SQL injection payloads to extract database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25193 EXPLOITDB HIGH python
Mongoose Web Server 6.9 - Denial of Service via Multiple Socket Connections
Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability.
by Ihsan Sencan
CVSS 7.5
CVE-2018-25192 EXPLOITDB HIGH text
GPS Tracking System 2.12 - SQL Injection
GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username field to gain unauthorized access without valid credentials.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25191 EXPLOITDB HIGH text
Facturation System 1.0 - SQL Injection
Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod_id' parameter. Attackers can send POST requests to the editar_producto.php endpoint with crafted SQL payloads in the mod_id parameter to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 7.1
CVE-2018-25190 EXPLOITDB MEDIUM text
Easyndexer 1.0 - Unauthenticated Cross-Site Request Forgery via createuser.php
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username, password, name, surname, and privileges set to 1 for administrator access.
by Ihsan Sencan
CVSS 5.3
CVE-2018-25189 EXPLOITDB HIGH text
Data Center Audit 2.6.2 - SQL Injection
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
CVE-2018-18406 EXPLOITDB CRITICAL text
Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179 - XML External Entity Injection in Audit Report Module
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response doesn't directly display a requested file, but rather returns it inside the name data field when the report is saved. An attacker is able to view restricted operating system files. This issue affects all types of users: administrators or normal users.
by Konstantinos Alexiou
CVSS 9.9
CVE-2018-19043 EXPLOITDB MEDIUM text
Media File Manager 1.4.2 - Path Traversal and Arbitrary File Renaming via mrelocator_rename Action
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI.
by Pasquale Turi
CVSS 5.3
CVE-2018-19042 EXPLOITDB MEDIUM text
Media File Manager 1.4.2 - Path Traversal via mrelocator_move Action
The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI.
by Pasquale Turi
CVSS 5.3
CVE-2018-19041 EXPLOITDB MEDIUM text
Media File Manager 1.4.2 - Cross-Site Scripting via dir Parameter in mrelocator_getdir Action
The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
by Pasquale Turi
CVSS 6.1