Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-25397 EXPLOITDB MEDIUM text
PHP-SHOP 1.0 Cross-Site Request Forgery via users.php
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST requests to the users.php endpoint with parameters like name, email, password, and permissions set to admin to create unauthorized admin accounts.
by Alireza Norkazemi
CVSS 5.3
CVE-2018-18527 EXPLOITDB CRITICAL text
OwnTicket 2018-05-23 - SQL Injection via showTicketId or editTicketStatusId Parameter
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.
by Ihsan Sencan
CVSS 9.8
EIP-2026-109090 EXPLOITDB text
Learning with Texts 1.6.2 - 'start' SQL Injection
by Ihsan Sencan
CVE-2018-10933 EXPLOITDB CRITICAL python
libssh Authentication Bypass Scanner
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
by Dayanç Soyadlı
CVSS 9.1
CVE-2018-25138 EXPLOITDB CRITICAL text
FLIR AX8 Thermal Camera 1.32.16 - Auth Bypass
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and password combinations.
by LiquidWorm
CVSS 9.8
EIP-2026-119511 EXPLOITDB python VERIFIED
Any Sound Recorder 2.93 - Buffer Overflow (SEH)
by Abdullah Alıç
EIP-2026-119510 EXPLOITDB python VERIFIED
Any Sound Recorder 2.93 - Buffer Overflow (SEH)
by Abdullah Alıç
EIP-2026-112689 EXPLOITDB text
Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
EIP-2026-112688 EXPLOITDB text
Time and Expense Management System 3.0 - 'table' SQL Injection
by Ihsan Sencan
CVE-2018-18308 EXPLOITDB MEDIUM text
BigTree CMS 4.2.23 - Stored Cross-Site Scripting in Image Upload Area
In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area).
by Ismail Tasdelen
CVSS 6.1
CVE-2018-18428 EXPLOITDB HIGH text
TP-Link TL-SC3130 1.6.18P12_121101 - Unauthenticated Exposure of Sensitive Information via RTSP Stream
TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI.
by LiquidWorm
CVSS 7.5
CVE-2018-25396 EXPLOITDB HIGH bash
Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values from HTML form fields to gain administrative access to the thermostat.
by d0wnp0ur
CVSS 7.5
CVE-2018-25395 EXPLOITDB HIGH text
Kados R10 GreenBee SQL Injection via update_feature.php
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of boards_buttons/update_feature.php. The feature_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25394 EXPLOITDB HIGH text
Kados R10 GreenBee SQL Injection via update_release.php
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of boards_buttons/update_release.php. The release_id value is concatenated directly into SQL statements without sanitization, allowing attackers to send a crafted GET request with a UNION-based payload to extract sensitive database information including the current user, database name, and DBMS version.
by Ihsan Sencan
CVSS 8.2
CVE-2018-25393 EXPLOITDB MEDIUM text
Navigate CMS 2.8.5 Path Traversal via navigate_download.php
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php with path traversal payloads ../../../cfg/globals.php to access sensitive configuration files and system files outside the intended directory.
by Ihsan Sencan
CVSS 6.5
CVE-2017-3631 EXPLOITDB MEDIUM ruby VERIFIED
Oracle Sun Systems Products Suite 11 - Privilege Escalation
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
by Metasploit
CVSS 5.3
CVE-2017-3629 EXPLOITDB HIGH ruby VERIFIED
Oracle Sun Systems Products Suite Kernel - Takeover
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
by Metasploit
CVSS 7.8
CVE-2017-1000364 EXPLOITDB HIGH ruby VERIFIED
Linux Kernel <4.11.5 - Memory Corruption
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
by Metasploit
CVSS 7.4
CVE-2018-11529 EXPLOITDB HIGH ruby VERIFIED
Debian Linux < 2.2.8 - Use After Free
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
by Metasploit
CVSS 8.0
CVE-2018-8411 EXPLOITDB HIGH text VERIFIED
Windows NTFS - Elevation of Privilege via Improper Access Check
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8
CVE-2017-3630 EXPLOITDB MEDIUM ruby VERIFIED
Solaris RSH Stack Clash Privilege Escalation
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
by Metasploit
CVSS 5.3
EIP-2026-114093 EXPLOITDB text
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
by Ismail Tasdelen
EIP-2026-113119 EXPLOITDB text
Vishesh Auto Index 3.1 - 'fid' SQL Injection
by Ihsan Sencan
EIP-2026-111820 EXPLOITDB text
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
by Ihsan Sencan
EIP-2026-109657 EXPLOITDB text
MV Video Sharing Software 1.2 - 'searchname' SQL Injection
by Ihsan Sencan