Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-100692 EXPLOITDB ruby VERIFIED
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-100691 EXPLOITDB ruby VERIFIED
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)
by Metasploit
CVE-2018-25232 EXPLOITDB MEDIUM python
Softros LAN Messenger 9.2 Denial of Service via Log Files Location
Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter to trigger a crash when the OK button is clicked.
by Victor Mondragón
CVSS 5.5
CVE-2018-15705 EXPLOITDB MEDIUM python
Advantech WebAccess 8.3.1-8.3.2 - Authenticated Path Traversal and Arbitrary File Write via WADashboard writeFile API
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.
by Chris Lyne
CVSS 6.5
CVE-2018-18858 EXPLOITDB HIGH c
LiquidVPN < 1.37 - Local Privilege Escalation via Unprotected XPC Service
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "tun_path" or "tap_path" pathname within a shell command.
by Bernd Leitner
CVSS 7.8
CVE-2018-18857 EXPLOITDB HIGH c
LiquidVPN < 1.37 - Unauthenticated OS Command Injection via XPC Service
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "command_line" parameter as a shell command.
by Bernd Leitner
CVSS 7.8
CVE-2018-18856 EXPLOITDB HIGH c
LiquidVPN < 1.37 - Local Privilege Escalation via Unprotected XPC Service
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "openvpncmd" parameter as a shell command.
by Bernd Leitner
CVSS 7.8
CVE-2018-19037 EXPLOITDB HIGH python
Virgin Media Hub 3.0 Firmware - Denial of Service via Web Interface POST Requests
On Virgin Media wireless router 3.0 hub devices, the web interface is vulnerable to denial of service. When POST requests are sent and keep the connection open, the router lags and becomes unusable to anyone currently using the web interface.
by Ross Inman
CVSS 7.5
EIP-2026-117498 EXPLOITDB text
Microsoft Internet Explorer 11 - Null Pointer Dereference
by LiquidWorm
EIP-2026-113384 EXPLOITDB text
WebVet 0.1a - 'id' SQL Injection
by Ihsan Sencan
EIP-2026-113142 EXPLOITDB text
Voovi Social Networking Script 1.0 - 'user' SQL Injection
by Ihsan Sencan
EIP-2026-112039 EXPLOITDB text
SiAdmin 1.1 - 'id' SQL Injection
by Ihsan Sencan
EIP-2026-111407 EXPLOITDB text
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
by Ihsan Sencan
CVE-2018-19458 EXPLOITDB HIGH python
php-proxy 3.0.3 - Unauthenticated Local File Inclusion via index.php q Parameter
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
by AkkuS
CVSS 7.5
EIP-2026-109555 EXPLOITDB text
Mongo Web Admin 6.0 - Information Disclosure
by Ihsan Sencan
CVE-2018-18859 EXPLOITDB HIGH c
LiquidVPN < 1.37 - Local Privilege Escalation via Unprotected XPC Service
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the "tun_path" or "tap_path" pathname in a kextload() call.
by Bernd Leitner
CVSS 7.8
CVE-2018-18865 EXPLOITDB HIGH html
Royal TS < 4.3.60728 and TSX < 3.3.1 - Credentials Disclosure
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.
by Jakub Palaczynski
CVSS 8.1
CVE-2018-15707 EXPLOITDB MEDIUM python
Advantech WebAccess 8.3.1 and 8.3.2 - Cross-Site Scripting in Bwmainleft.asp
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
by Chris Lyne
CVSS 5.4
CVE-2018-25426 EXPLOITDB HIGH python
WinMTR 0.91 Denial of Service via Buffer Overflow
WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers can create a specially crafted input file with 238 bytes of data to trigger a buffer overflow condition that causes the application to crash.
by Ihsan Sencan
CVSS 7.5
CVE-2018-25425 EXPLOITDB HIGH text
Yot CMS 3.3.1 - SQL Injection via aid and cid Parameters
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extract database information including table and column names.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25424 EXPLOITDB HIGH text
Gate Pass Management System 2.1 SQL Injection via login-exec.php
Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form parameters to authenticate without valid credentials and gain access to the application.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25208 EXPLOITDB HIGH text
qdPM 9.1 SQL Injection via filter_by Parameters
qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filter_by parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filter_by[CommentCreatedFrom] and filter_by[CommentCreatedTo] parameters to execute arbitrary SQL queries and retrieve sensitive data.
by AkkuS
CVSS 8.2
CVE-2018-25135 EXPLOITDB CRITICAL text
Anviz AIM CrossChex Standard 4.3.6.0 - Code Injection
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
by LiquidWorm
CVSS 9.8
EIP-2026-119625 EXPLOITDB python
Zint Barcode Generator 2.6 - Denial of Service (PoC)
by Ihsan Sencan
EIP-2026-119579 EXPLOITDB python
CdCatalog 2.3.1 - Denial of Service (PoC)
by Ihsan Sencan