Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-107873 EXPLOITDB text
Instagram Clone 1.0 - Arbitrary File Upload
by Ihsan Sencan
EIP-2026-106959 EXPLOITDB text
Expense Management 1.0 - Arbitrary File Upload
by Ihsan Sencan
EIP-2026-106822 EXPLOITDB text
Electricks eCommerce 1.0 - 'prodid' SQL Injection
by Ihsan Sencan
EIP-2026-105850 EXPLOITDB text
CI User Login and Management 1.0 - Arbitrary File Upload
by Ihsan Sencan
EIP-2026-105258 EXPLOITDB text
Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection
by Ihsan Sencan
CVE-2018-14665 EXPLOITDB MEDIUM bash
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by Marco Ivaldi
CVSS 6.6
EIP-2026-104013 EXPLOITDB python
Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
by Adam Brown
EIP-2026-102738 EXPLOITDB text
SIPp 3.3.990 - Local Buffer Overflow (PoC)
by Nawaf Alkeraithe
CVE-2018-18777 EXPLOITDB MEDIUM text
Microstrategy Web 7 - Authenticated Path Traversal via subpage Parameter
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
by Rafael Pedrero
CVSS 4.3
EIP-2026-101874 EXPLOITDB text
Netgear WiFi Router R6120 - Credential Disclosure
by Wadeek
EIP-2026-101119 EXPLOITDB php
ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure
by numan türle
CVE-2018-25422 EXPLOITDB HIGH text VERIFIED
MOGG web simulator Script All Version SQL Injection via play.php
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract sensitive database information including usernames and other data.
by Meisam Monsef
CVSS 8.2
CVE-2018-18822 EXPLOITDB CRITICAL text
Grapixel New Media v2.0 - SQL Injection via pages.aspx pageref Parameter
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
by Berk Dusunur
CVSS 9.8
CVE-2018-18802 EXPLOITDB HIGH text
Welcome to our Resort 1.0 - Cross-Site Request Forgery via User Edit Action
The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit.
by Ihsan Sencan
CVSS 8.8
CVE-2018-18758 EXPLOITDB CRITICAL text
Open Faculty Evaluation System 7 - SQL Injection via submit_feedback.php
Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757.
by Ihsan Sencan
CVSS 9.8
CVE-2018-18757 EXPLOITDB CRITICAL text
Open Faculty Evaluation System 5.6 - SQL Injection via submit_feedback.php
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.
by Ihsan Sencan
CVSS 9.8
CVE-2018-10711 EXPLOITDB HIGH text
ASRock RGBLED <1.0.35.1, A-Tuning/F-Stream <3.0.210, RestartToUEFI <1.0.6.2 - Ring-0 Code Execution via MSR
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.
by SecureAuth
CVSS 7.8
CVE-2018-10710 EXPLOITDB HIGH text
Asrock A-tuning < 3.0.210 - Incorrect Permission Assignment
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
by SecureAuth
CVSS 7.1
CVE-2018-10709 EXPLOITDB HIGH text
ASRock RGBLED <1.0.35.1, A-Tuning/F-Stream <3.0.210, RestartToUEFI <1.0.6.2 - Privilege Escalation via CR Register
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
by SecureAuth
CVSS 7.8
EIP-2026-119651 EXPLOITDB
School Equipment Monitoring System 1.0 - 'login' SQL Injection
by Ihsan Sencan
EIP-2026-119598 EXPLOITDB python VERIFIED
Navicat 12.0.29 - 'SSH' Denial of Service (PoC)
by Rafael Alfaro
EIP-2026-119593 EXPLOITDB python
Local Server 1.0.9 - Denial of Service (PoC)
by Ihsan Sencan
EIP-2026-119573 EXPLOITDB python VERIFIED
AlienIP 2.41 - Denial of Service (PoC)
by Arturo de la Cruz Tellez
EIP-2026-119544 EXPLOITDB perl
Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)
by Kağan Çapar
CVE-2018-18759 EXPLOITDB HIGH text
Modbus Slave 7.0.0 - Buffer Overflow
Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow.
by Ihsan Sencan
CVSS 7.5