Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-119583 EXPLOITDB python
CuteFTP 9.3.0.3 - Denial of Service (PoC)
by Ismael Nava
CVE-2018-19040 EXPLOITDB MEDIUM text
Media File Manager 1.4.2 - Directory Listing via Path Traversal in dir Parameter
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI.
by Pasquale Turi
CVSS 5.3
EIP-2026-112633 EXPLOITDB text
The Don 1.0.1 - 'login' SQL Injection
by Ihsan Sencan
EIP-2026-102054 EXPLOITDB ruby
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)
by Wadeek
EIP-2026-101616 EXPLOITDB text
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
by hyp3rlinx
EIP-2026-117548 EXPLOITDB c++
Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)
by Tenable NS
CVE-2018-25197 EXPLOITDB HIGH text
PlayJoom 0.10.1 - Unauthenticated SQL Injection via catid Parameter
PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=com_playjoom&view=genre&catid=[SQL] to extract sensitive database information including usernames, databases, and version details.
by Ihsan Sencan
CVSS 8.2
CVE-2016-7567 EXPLOITDB CRITICAL text
OpenSLP 2.0 - Buffer Overflow in SLPFoldWhiteSpace
Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.
by Magnus Klaaborg Stubman
CVSS 9.8
CVE-2018-25427 EXPLOITDB CRITICAL python
Arm Whois 3.11 - Stack-based Buffer Overflow via Oversized IP/Domain Input
Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception handler and gain command execution when the application processes the input.
by Semen Alexandrovich Lyhin
CVSS 9.8
CVE-2018-25209 EXPLOITDB HIGH text
OpenBiz Cubi Lite 3.0.8 SQL Injection via username Parameter
OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit POST requests to /bin/controller.php with malicious SQL code in the username field to extract sensitive database information or bypass authentication.
by AkkuS
CVSS 8.2
CVE-2018-25200 EXPLOITDB MEDIUM text
OOP CMS BLOG 1.0 - Unauthenticated Cross-Site Request Forgery via addUser.php
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and role set to administrative privileges to gain unauthorized access.
by Ihsan Sencan
CVSS 5.3
CVE-2018-25199 EXPLOITDB HIGH text
OOP CMS BLOG 1.0 - Unauthenticated SQL Injection via Search Parameter
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25198 EXPLOITDB MEDIUM python
eToolz 3.4.8.0 - Denial of Service via Oversized Input Buffer
eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application.
by Ihsan Sencan
CVSS 6.2
EIP-2026-119576 EXPLOITDB python
Blue Server 1.1 - Denial of Service (PoC)
by Ihsan Sencan
EIP-2026-116514 EXPLOITDB python
VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC)
by Diego Santamaria
EIP-2026-114793 EXPLOITDB ruby VERIFIED
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
by Metasploit
EIP-2026-114792 EXPLOITDB ruby VERIFIED
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
by Metasploit
EIP-2026-109116 EXPLOITDB text
LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
by Carlos Avila
EIP-2026-107505 EXPLOITDB text
Grocery crud 1.6.1 - 'search_field' SQL Injection
by Loading Kura Kura
CVE-2018-10517 EXPLOITDB HIGH python
CMS Made Simple < 2.2.7 - Authenticated Remote Code Execution via Module Import XML Package
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
by Lucian Ioan Nitescu
CVSS 7.2
CVE-2018-9206 EXPLOITDB CRITICAL ruby VERIFIED
Blueimp jQuery-File-Upload <=9.22.0 - File Upload
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
by Metasploit
CVSS 9.8
CVE-2018-4366 EXPLOITDB HIGH text VERIFIED
iPhone OS < 12.1 - Memory Corruption via Improved Input Validation
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
by Google Security Research
CVSS 7.5
CVE-2018-4367 EXPLOITDB CRITICAL text VERIFIED
iPhone OS < 12.1 - Memory Corruption via Improved Input Validation
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
by Google Security Research
CVSS 9.8
CVE-2018-18957 EXPLOITDB CRITICAL text
libiec61850 1.3 - Stack-based Buffer Overflow in prepareGooseBuffer
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.
by Dhiraj Mishra
CVSS 9.8
CVE-2018-4384 EXPLOITDB HIGH text VERIFIED
iPhone OS < 12.1 and watchOS < 5.1 - Memory Corruption
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, watchOS 5.1.
by Google Security Research
CVSS 7.8