Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-14058 EXPLOITDB MEDIUM text
pimcore < 5.3.0 - SQL Injection via REST Web Service API
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
by SEC Consult
CVSS 6.5
CVE-2018-14057 EXPLOITDB HIGH text
pimcore < 5.3.0 - Cross-Site Request Forgery via Missing CSRF Token Validation
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function.
by SEC Consult
CVSS 8.8
CVE-2018-15141 EXPLOITDB MEDIUM text VERIFIED
OpenEMR < 5.0.1.4 - Authenticated Path Traversal via Patient Portal Import Template
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
by Joshua Fam
CVSS 6.5
CVE-2018-15140 EXPLOITDB MEDIUM text VERIFIED
OpenEMR < 5.0.1.4 - Authenticated Path Traversal via Patient Portal Import Template
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.
by Joshua Fam
CVSS 6.5
CVE-2018-14059 EXPLOITDB MEDIUM text
pimcore < 5.2.3 and >=0 < 5.3.0 - Cross-Site Scripting via Multiple Input Fields
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.
by SEC Consult
CVSS 5.4
CVE-2018-15142 EXPLOITDB HIGH text VERIFIED
OpenEMR < 5.0.1.4 - Authenticated Path Traversal and Arbitrary PHP File Write via Patient Portal Import Template
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory.
by Joshua Fam
CVSS 8.8
CVE-2018-15473 EXPLOITDB MEDIUM python VERIFIED
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by Matthew Daley
CVSS 5.3
CVE-2018-12293 EXPLOITDB HIGH text
WebKit <2.20.3-2.20.1 - Buffer Overflow
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.
by PeregrineX
CVSS 8.8
CVE-2018-15172 EXPLOITDB HIGH text
TP-Link TL-WR840N Firmware - Buffer Overflow via Long Authorization HTTP Header
TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.
by Aniket Dinda
CVSS 7.5
CVE-2018-11510 EXPLOITDB CRITICAL text
ASUSTOR ADM < 3.1.2.rhg1 - Unauthenticated Remote Code Execution via script Parameter
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
by Kyle Lovett
CVSS 9.8
CVE-2018-11509 EXPLOITDB CRITICAL text
ASUSTOR ADM 3.1.0.RFQ3 - Use of Hard-coded Credentials
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.
by Kyle Lovett
CVSS 9.8
EIP-2026-101532 EXPLOITDB text
ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass
by AmnBAN
CVE-2018-15181 EXPLOITDB MEDIUM text
JioFi 4G Hotspot M2S Firmware - Denial of Service via XSS in SSID and Security Key Fields
JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields.
by Vikas Chaudhary
CVSS 6.5
CVE-2018-11511 EXPLOITDB CRITICAL text
ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection via Photo Gallery Tree List Album ID or Scope Parameter
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.
by Kyle Lovett
CVSS 9.8
CVE-2018-25297 EXPLOITDB MEDIUM python VERIFIED
Wansview 1.0.2 Denial of Service via Buffer Overflow
Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Camera name and DID number fields during camera addition to trigger application crashes.
by Gionathan Reale
CVSS 6.2
CVE-2018-6892 EXPLOITDB CRITICAL ruby
CloudMe Sync < 1.10.9 - Unauthenticated Remote Buffer Overflow via Port 8888
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
by Raymond Wellnitz
CVSS 9.8
CVE-2017-1000028 EXPLOITDB HIGH ruby VERIFIED
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
by Metasploit
CVSS 7.5
CVE-2017-1000028 EXPLOITDB HIGH ruby
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
by Dhiraj Mishra
CVSS 7.5
CVE-2018-14912 EXPLOITDB HIGH ruby
cgit < 1.2.1 - Path Traversal via git/objects/?path=../ Request
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
by Dhiraj Mishra
CVSS 7.5
CVE-2019-1010136 EXPLOITDB HIGH python
ChinaMobile GPN2.4P21-C-CN W2001EN-00 - Unauthenticated RCE
ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. The impact is: PLC Wireless Router's are vulnerable to an unauthenticated remote reboot due. The component is: Reboot settings are available to unauthenticated users instead of only authenticaed users. The attack vector is: Remote.
by Chris Rose
CVSS 7.5
CVE-2018-1513 EXPLOITDB MEDIUM text VERIFIED
IBM Sterling B2B Integrator 5.2.0-5.2.6 - Cross-Site Scripting
IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551.
by Vikas Khanna
CVSS 5.4
EIP-2026-119545 EXPLOITDB python
Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow
by Shubham Singh
EIP-2026-119496 EXPLOITDB python VERIFIED
Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)
by Shubham Singh
EIP-2026-119477 EXPLOITDB python VERIFIED
IP Finder 1.5 - Denial of Service (PoC)
by Shubham Singh
CVE-2018-2628 EXPLOITDB CRITICAL ruby VERIFIED
Oracle WebLogic Server <12.2.1.3 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Metasploit
CVSS 9.8