Exploitdb Exploits

49,989 exploits tracked across all sources.

CVE-2018-16283 EXPLOITDB CRITICAL text
Wechat Broadcast < 1.2.0 - Path Traversal
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
by Manuel García Cárdenas
CVSS 9.8
CVE-2018-16299 EXPLOITDB HIGH text
Localize My Post - Path Traversal
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
by Manuel García Cárdenas
CVSS 7.5
CVE-2018-16736 EXPLOITDB MEDIUM text
Roundcube rcfilters <2.1.6 - XSS
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).
by Fahimeh Rezaei
CVSS 5.4
CVE-2018-16288 EXPLOITDB HIGH python
LG SuperSign CMS - Information Disclosure
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
by Alejandro Fanjul
CVSS 8.6
CVE-2018-15832 EXPLOITDB HIGH text
Ubisoft Uplay - Improper Input Validation
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process.
by Che-Chun Kuo
CVSS 8.8
CVE-2018-1002008 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002007 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002006 EXPLOITDB MEDIUM text
XSS - Privilege Escalation
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002005 EXPLOITDB MEDIUM text
XSS - Bft List Html Php
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002004 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002003 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002002 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002001 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002000 EXPLOITDB HIGH text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - SQL Injection
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
by Larry W. Cashdollar
CVSS 7.2
CVE-2018-8355 EXPLOITDB HIGH javascript VERIFIED
Microsoft Browsers - Memory Corruption
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
by Google Security Research
CVSS 7.5
CVE-2018-8384 EXPLOITDB HIGH javascript VERIFIED
Microsoft Edge - Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.
by Google Security Research
CVSS 7.5
CVE-2006-4842 EXPLOITDB ruby VERIFIED
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
by Metasploit
CVE-2018-1002009 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET request to the email variable.
by Larry W. Cashdollar
CVSS 4.8
EIP-2026-101392 EXPLOITDB python
NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
by Jacob Baines
CVE-2018-25125 EXPLOITDB HIGH python VERIFIED
Netis ADSL Router DL4322D RTK 2.1.1 - DoS
Netis ADSL Router DL4322D firmware RTK 2.1.1 contains a buffer overflow vulnerability in the embedded FTP service that allows an authenticated remote user to trigger a denial of service. After logging in to the FTP service, sending an FTP command such as ABOR with an excessively long argument causes the service, and in practice the router, to crash or become unresponsive, resulting in a loss of availability for the device and connected users.
by cakes
EIP-2026-119610 EXPLOITDB python VERIFIED
Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)
by Jose Eduardo Castro
EIP-2026-119609 EXPLOITDB python VERIFIED
Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)
by Jose Eduardo Castro
EIP-2026-119606 EXPLOITDB python
Notebook Pro 2.0 - Denial Of Service (PoC)
by Ali Alipour
EIP-2026-119605 EXPLOITDB python
Notebook Pro 2.0 - Denial Of Service (PoC)
by Ali Alipour
EIP-2026-119504 EXPLOITDB python VERIFIED
XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
by Gionathan Reale