Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-119592 EXPLOITDB python
Instagram App 41.1788.50991.0 - Denial of Service (PoC)
by Ali Alipour
EIP-2026-117518 EXPLOITDB text
Microsoft Windows - Advanced Local Procedure Call (ALPC) Local Privilege Escalation
by SandboxEscaper
CVE-2018-8353 EXPLOITDB HIGH html VERIFIED
Internet Explorer <11 - Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
by Google Security Research
CVSS 7.5
EIP-2026-115054 EXPLOITDB python
Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service (PoC)
by Luis Martínez
EIP-2026-103031 EXPLOITDB text
VirtualBox 5.2.6.r120293 - VM Escape
by Reno Robert
CVE-2018-25366 EXPLOITDB HIGH python
CuteFTP 5.0 XP Buffer Overflow via Site Manager Label Field
CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortcut is created and launched.
by Matteo Malvica
CVSS 8.4
CVE-2018-9948 EXPLOITDB MEDIUM ruby VERIFIED
Foxit PDF Reader Pointer Overwrite UAF
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380.
by Metasploit
CVSS 6.5
CVE-2018-15535 EXPLOITDB HIGH text VERIFIED
tecrail Responsive FileManager < 9.13.4 - Path Traversal via get_file Parameter
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal.
by Simon Uvarov
CVSS 7.5
EIP-2026-119590 EXPLOITDB text
Firefox 55.0.3 - Denial of Service (PoC)
by L0RD
EIP-2026-119421 EXPLOITDB text
Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
by Javier Olmedo
CVE-2018-9958 EXPLOITDB HIGH ruby VERIFIED
Foxit Reader and PhantomPDF < 9.0.1.1049 - Remote Code Execution via Text Annotation Point Attribute
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.
by Metasploit
CVSS 8.8
CVE-2017-2741 EXPLOITDB CRITICAL ruby VERIFIED
HP PageWide/OfficeJet Pro <1708D - RCE
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
by Metasploit
CVSS 9.8
CVE-2018-15877 EXPLOITDB HIGH html VERIFIED
Plainview Activity Monitor < 20180826 - OS Command Injection via IP Parameter
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
by Lydéric Lefebvre
CVSS 8.8
CVE-2018-15536 EXPLOITDB MEDIUM text VERIFIED
tecrail Responsive FileManager < 9.13.4 - Path Traversal and Arbitrary File Write via Archive Extraction
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.
by Simon Uvarov
CVSS 5.5
EIP-2026-109171 EXPLOITDB python
LiteCart 2.1.2 - Arbitrary File Upload
by Haboob Team
CVE-2018-15845 EXPLOITDB HIGH text
Gleez CMS 1.2.0 - Cross-Site Request Forgery via Admin User Addition
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
by GunEggWang
CVSS 8.8
CVE-2018-15685 EXPLOITDB HIGH text VERIFIED
Electron 1.7.15, 1.8.7, 2.0.7, 3.0.0-beta.6 - Remote Code Execution via WebPreferences Misconfiguration
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
by Matt Austin
CVSS 8.1
CVE-2018-15120 EXPLOITDB MEDIUM bash
Pango 1.40.8-1.42.3 - Denial of Service via Invalid Unicode Sequences
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
by Jeffery M
CVSS 6.5
CVE-2018-12827 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <30.0.0.134 - Info Disclosure
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
by Google Security Research
CVSS 7.5
EIP-2026-102188 EXPLOITDB python
Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)
by Luis Martínez
EIP-2026-101974 EXPLOITDB text
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
by Yorick Koster
CVE-2018-15884 EXPLOITDB HIGH text
RICOH MP C4504ex Firmware - HTML Injection via entryNameIn Parameter
RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
by Ismail Tasdelen
CVSS 8.8
CVE-2018-16159 EXPLOITDB CRITICAL text VERIFIED
Gift Vouchers < 2.0.1 - SQL Injection via template_id Parameter
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
by Renos Nikolaou
CVSS 9.8
CVE-2018-15740 EXPLOITDB MEDIUM text
ManageEngine ADManager Plus 6.5.7 - Stored Cross-Site Scripting in Workflow Delegation Requester Roles
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
by Ismail Tasdelen
CVSS 6.1
CVE-2018-11776 EXPLOITDB HIGH python
Apache Struts 2 Namespace Redirect OGNL Injection
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
by Mazin Ahmed
CVSS 8.1