Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-16308 EXPLOITDB HIGH text
Ninja Forms <3.3.14.1 - Code Injection
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
by Mostafa Gharzi
CVSS 8.6
CVE-2018-15473 EXPLOITDB MEDIUM python VERIFIED
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by Justin Gardner
CVSS 5.3
EIP-2026-101771 EXPLOITDB ruby
Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)
by Alfie
CVE-2018-25293 EXPLOITDB MEDIUM python VERIFIED
Prime95 29.4b7 Denial of Service via Proxy Password Field
Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional proxy password field. Attackers can trigger a denial of service by entering a 6000-byte payload into the proxy password parameter, causing the application to crash when processing the connection settings.
by Gionathan Reale
CVSS 6.2
CVE-2018-25292 EXPLOITDB MEDIUM python VERIFIED
Bome Restorator 1793 Denial of Service via Buffer Overflow
Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an application crash and denial of service.
by Gionathan Reale
CVSS 6.2
EIP-2026-119626 EXPLOITDB python VERIFIED
Zortam MP3 Media Studio 23.95 - Denial of Service (PoC)
by Gionathan Reale
CVE-2013-0662 EXPLOITDB python
Schneider Electric Modbus Serial Driver <3.2 - RCE
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
by Alejandro Parodi
CVE-2013-0662 EXPLOITDB python
Schneider Electric Modbus Serial Driver <3.2 - RCE
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
by Alejandro Parodi
CVE-2018-10752 EXPLOITDB MEDIUM text
Tagregator 0.6 - Stored Cross-Site Scripting via Title Field
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.
by ManhNho
CVSS 4.8
EIP-2026-113626 EXPLOITDB text
WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection
by Çlirim Emini
CVE-2018-11502 EXPLOITDB MEDIUM text
Moderator Log Notes 1.1 - Cross-Site Request Forgery
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.
by 0xB9
CVSS 6.5
EIP-2026-106182 EXPLOITDB text
Countly - Cross-Site Scripting
by Sleepy
CVE-2018-15576 EXPLOITDB HIGH php VERIFIED
EasyLogin Pro < 1.3.0 - Remote Code Execution via Encryptor.php Unserialize
An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.
by mr_me
CVSS 8.1
CVE-2013-0657 EXPLOITDB python
Schneider Electric IGSS <10 - Buffer Overflow
Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.
by Alejandro Parodi
CVE-2018-25294 EXPLOITDB HIGH python VERIFIED
CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.
by Gionathan Reale
CVSS 7.5
CVE-2018-8279 EXPLOITDB HIGH javascript VERIFIED
Microsoft Edge and ChakraCore - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301.
by Google Security Research
CVSS 7.5
CVE-2018-8298 EXPLOITDB HIGH javascript VERIFIED
ChakraCore < 1.10.1 - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
by Google Security Research
CVSS 7.5
CVE-2018-8288 EXPLOITDB HIGH javascript VERIFIED
Microsoft Browsers - Memory Corruption
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
by Google Security Research
CVSS 7.5
EIP-2026-115649 EXPLOITDB javascript VERIFIED
Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion
by Google Security Research
CVE-2018-8291 EXPLOITDB HIGH javascript VERIFIED
Microsoft Browsers - Memory Corruption
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298.
by Google Security Research
CVSS 7.5
EIP-2026-101848 EXPLOITDB go
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
by Maxim Yefimenko
CVE-2018-11510 EXPLOITDB CRITICAL python
ASUSTOR ADM < 3.1.2.rhg1 - Unauthenticated Remote Code Execution via script Parameter
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
by Matthew Fulton
CVSS 9.8
CVE-2018-25296 EXPLOITDB MEDIUM python VERIFIED
P10 Central Management Software 1.4.13 Denial of Service
P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an application crash and denial of service.
by Gionathan Reale
CVSS 5.5
CVE-2018-25295 EXPLOITDB MEDIUM python VERIFIED
ObserverIP Scan Tool 1.4.0.1 Denial of Service via IP Field
ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operation to cause an application crash.
by Gionathan Reale
CVSS 6.2
CVE-2018-15571 EXPLOITDB HIGH text
Export Users to CSV < 1.1.1 - CSV Injection
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.
by Javier Olmedo
CVSS 8.6