Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106406 EXPLOITDB text
Delta Sql 1.8.2 - 'id' SQL Injection
by Ihsan Sencan
CVE-2018-25421 EXPLOITDB MEDIUM text
Open STA Manager 2.3 Arbitrary File Download via Path Traversal
Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensitive system files.
by Ihsan Sencan
CVSS 6.5
CVE-2018-25420 EXPLOITDB HIGH text
AiOPMSD Final 1.0.0 SQL Injection via watch.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25419 EXPLOITDB HIGH text
AiOPMSD Final 1.0.0 SQL Injection via genre.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25418 EXPLOITDB HIGH text
AiOPMSD Final 1.0.0 SQL Injection via year.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25417 EXPLOITDB HIGH text
AiOPMSD Final 1.0.0 SQL Injection via quality.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality parameter to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25416 EXPLOITDB HIGH text
AiOPMSD Final 1.0.0 SQL Injection via country.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25415 EXPLOITDB HIGH text
AiOPMSD Final 1.0.0 SQL Injection via director Parameter
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25414 EXPLOITDB HIGH text
AiOPMSD Final 1.0.0 SQL Injection via actor.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25413 EXPLOITDB HIGH text
AiOPMSD Final 1.0.0 SQL Injection via search.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25412 EXPLOITDB CRITICAL text
Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.
by Ihsan Sencan
CVSS 9.8
CVE-2018-2628 EXPLOITDB CRITICAL java
Oracle WebLogic Server <12.2.1.3 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by allyshka
CVSS 9.8
CVE-2018-18704 EXPLOITDB CRITICAL text
PhpTpoint Pharmacy Management System - SQL Injection via index.php Username Parameter
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.
by Boumediene KADDOUR
CVSS 9.8
EIP-2026-119577 EXPLOITDB python
BORGChat 1.0.0 build 438 - Denial of Service (PoC)
by Ihsan Sencan
CVE-2018-19459 EXPLOITDB HIGH text
Adult Filter 1.0 - Buffer Overflow via Black Domain List File
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.
by AkkuS
CVSS 7.8
CVE-2018-15442 EXPLOITDB HIGH ruby VERIFIED
Cisco Webex Meetings <33.6.4 & Productivity Tools 32.6.0-33.0.6 OS Command Injection
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.
by Metasploit
CVSS 7.8
CVE-2018-15442 EXPLOITDB HIGH ruby VERIFIED
Cisco Webex Meetings <33.6.4 & Productivity Tools 32.6.0-33.0.6 OS Command Injection
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.
by Metasploit
CVSS 7.8
CVE-2018-18419 EXPLOITDB MEDIUM text
ARDAWAN.COM User Management 1.1 - Stored Cross-Site Scripting via Upload Filename
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI.
by Ismail Tasdelen
CVSS 5.4
EIP-2026-112135 EXPLOITDB text
Simple POS and Inventory 1.0 - 'cat' SQL Injection
by Ihsan Sencan
EIP-2026-112068 EXPLOITDB text
Simple Chat System 1.0 - 'id' SQL Injection
by Ihsan Sencan
CVE-2018-18924 EXPLOITDB HIGH text
ProjeQtOr < 7.2.5 - Remote Code Execution via Image Upload Feature
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.
by AkkuS
CVSS 8.8
EIP-2026-111222 EXPLOITDB text
phptpoint Hospital Management System 1.0 - 'user' SQL injection
by Boumediene KADDOUR
EIP-2026-109603 EXPLOITDB text
MPS Box 0.1.8.0 - 'uuid' SQL Injection
by Ihsan Sencan
CVE-2018-18417 EXPLOITDB MEDIUM text
Ekushey Project Manager CRM 3.1 - Stored Cross-Site Scripting via Client Name Parameter
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.
by Ismail Tasdelen
CVSS 5.4
EIP-2026-105936 EXPLOITDB text
ClipBucket 2.8 - 'id' SQL Injection
by Ihsan Sencan