Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-9488 EXPLOITDB HIGH text VERIFIED
Android 8.0-9.0 - Incorrect Authorization in SELinux crash_dump.te Permissions
In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376.
by Google Security Research
CVSS 7.8
CVE-2018-25377 EXPLOITDB HIGH python
Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH
Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the Help > Register dialog to trigger a reverse shell with system privileges.
by Shubham Singh
CVSS 8.4
CVE-2018-25376 EXPLOITDB HIGH python
Socusoft 3GP Photo Slideshow 8.05 Buffer Overflow SEH
Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration Key fields to overwrite the SEH chain and execute shellcode for reverse shell access.
by Shubham Singh
CVSS 8.4
CVE-2018-25375 EXPLOITDB HIGH python
SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow SEH
SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft malicious input in the Registration Name and Registration Key fields to trigger a stack-based buffer overflow and execute a reverse shell payload.
by Shubham Singh
CVSS 8.4
CVE-2018-25282 EXPLOITDB MEDIUM text
Nmap 7.70 Denial of Service via XML Entity Expansion
Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import functionality to cause the program to consume excessive system resources and crash.
by Gionathan Reale
CVSS 6.2
CVE-2018-16752 EXPLOITDB HIGH python
LINK-NET LW-N605R Firmware 12.20.2.1486 - Authenticated Remote Code Execution via Ping HOST Field
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
by Nassim Asrir
CVSS 8.8
EIP-2026-119550 EXPLOITDB python
Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)
by Shubham Singh
EIP-2026-119457 EXPLOITDB python
Any Sound Recorder 2.93 - Denial of Service (PoC)
by T3jv1l
EIP-2026-117478 EXPLOITDB text
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
by hyp3rlinx
CVE-2018-11776 EXPLOITDB HIGH ruby VERIFIED
Apache Struts 2 Namespace Redirect OGNL Injection
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
by Metasploit
CVSS 8.1
CVE-2018-16509 EXPLOITDB HIGH ruby VERIFIED
Artifex Ghostscript <9.24 - Privilege Escalation
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
by Metasploit
CVSS 7.8
CVE-2018-25374 EXPLOITDB HIGH text
Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal
Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and access sensitive files including system configuration and password files.
by Carlos Avila
CVSS 7.5
CVE-2018-25373 EXPLOITDB HIGH python
DVD Photo Slideshow Professional 8.07 Buffer Overflow SEH
SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with carefully constructed payload containing junk bytes, SEH chain overwrite, and shellcode, then paste the contents into the Registration Name field via Help > Register to trigger code execution.
by T3jv1l
CVSS 8.4
CVE-2018-25372 EXPLOITDB HIGH text
MedDream PACS Server Premium 6.7.1.1 SQL Injection via email
MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads in the email field to extract sensitive database information from the backend MySQL database.
by Carlos Avila
CVSS 8.2
CVE-2018-25283 EXPLOITDB HIGH python
iSmartViewPro 1.5 Buffer Overflow via SavePath Parameter
iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the System Setup interface to overwrite SEH records and execute shellcode with application privileges.
by Gionathan Reale
CVSS 8.4
EIP-2026-103231 EXPLOITDB text
Tenable WAS-Scanner 7.4.1708 - Remote Command Execution
by Sameer Goyal
CVE-2018-0715 EXPLOITDB MEDIUM text
QNAP Photo Station <= 5.7.0 - Cross-Site Scripting
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application.
by Mitsuaki Shiraishi
CVSS 6.1
CVE-2018-25142 EXPLOITDB CRITICAL text
NovaRad NovaPACS Diagnostics Viewer <8.5.19.75 - XXE Injection
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack.
by LiquidWorm
CVSS 9.8
CVE-2018-0437 EXPLOITDB HIGH c
Cisco Umbrella Enterprise Roaming Client < 2.1.118 - Improper Privilege Management
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.
by ParagonSec
CVSS 7.8
CVE-2018-0438 EXPLOITDB HIGH c
Cisco Umbrella Enterprise Roaming Client < 2.1.127 Privilege Escalation via File Permission Bypass
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.
by ParagonSec
CVSS 7.8
CVE-2018-15917 EXPLOITDB MEDIUM text
Jorani 0.6.5 - Stored Cross-Site Scripting via Language Parameter
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.
by Javier Olmedo
CVSS 5.4
CVE-2018-15918 EXPLOITDB MEDIUM text VERIFIED
Jorani 0.6.5 - SQL Injection via Startdate or Enddate Parameter
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.
by Javier Olmedo
CVSS 5.4
CVE-2014-0030 EXPLOITDB CRITICAL python
Apache Roller - XML External Entity Injection
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
by Marko Jokic
CVSS 9.8
CVE-2018-16059 EXPLOITDB MEDIUM text
Endress+Hauser WirelessHART Fieldgate SWG70 3.x - Path Traversal via fcgi-bin/wgsetcgi filename Parameter
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.
by Hamit CİBO
CVSS 5.3
EIP-2026-101626 EXPLOITDB text
D-Link Dir-600M N150 - Cross-Site Scripting
by PUNIT DARJI