Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-119629 EXPLOITDB python
CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)
by Manoj Ahuje
CVE-2018-14493 EXPLOITDB MEDIUM text
Open-Audit Community 2.2.6 - Stored Cross-Site Scripting via Group Name
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.
by Ranjeet Jaiswal
CVSS 6.1
CVE-2018-14840 EXPLOITDB MEDIUM text
Subrion < 4.2.2 - Cross-Site Scripting via .html File Upload
uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
by Zeel Chavda
CVSS 6.1
EIP-2026-110037 EXPLOITDB html
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
by r3m0t3nu11
EIP-2026-105974 EXPLOITDB text
CMS ISWEB 3.5.3 - Directory Traversal
by Thiago Sena
CVE-2019-8982 EXPLOITDB CRITICAL text
WaveMaker Studio 6.6 - Server-Side Request Forgery via studioService.download inUrl Parameter
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
by Gionathan Reale
CVSS 9.6
CVE-2018-12090 EXPLOITDB MEDIUM text
LAMS < 3.1 - Unauthenticated Reflected Cross-Site Scripting via Forgot Password Key Parameter
There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change.
by Nikola Kojic
CVSS 6.1
CVE-2018-7669 EXPLOITDB HIGH text
Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above - Path Traversal via Log Viewer File Parameter
An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file= URI. Validation is performed to ensure that the text passed to the 'file' parameter correlates to the correct log file directory. This filter can be bypassed by including a valid log filename and then appending a traditional 'dot dot' style attack.
by Chris
CVSS 7.5
CVE-2015-4077 EXPLOITDB c++ VERIFIED
FortiClient < 5.2.3 - Unauthorized Kernel Memory Read via mdare Driver ioctl
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call.
by sickness & mschenk
CVE-2015-5736 EXPLOITDB c++ VERIFIED
Fortinet FortiClient < 5.2.3 - Local Privilege Escalation via Fortishield.sys Ioctl Calls
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
by sickness & mschenk
CVE-2018-13417 EXPLOITDB CRITICAL text
Vuze Bittorrent Client 5.7.6.0 - XML External Entity Injection via SSDP/UPnP XML Parser
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Vuze, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
by Chris Moberly
CVSS 9.8
CVE-2018-13415 EXPLOITDB CRITICAL text
Plex Media Server 1.13.2.5154 - Unauthenticated XML External Entity Injection via SSDP/UPnP Parser
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Plex, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
by Chris Moberly
CVSS 9.8
EIP-2026-118098 EXPLOITDB python
Wedding Slideshow Studio 1.36 - Buffer Overflow
by Achilles
CVE-2018-14869 EXPLOITDB MEDIUM text
PHP Template Store Script 3.0.6 - XSS
PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile.
by Sarafraz Khan
CVSS 5.4
CVE-2017-1000112 EXPLOITDB HIGH ruby VERIFIED
Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.
by Metasploit
CVSS 7.0
EIP-2026-100773 EXPLOITDB text VERIFIED
cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal
by Google Security Research
CVE-2018-5413 EXPLOITDB HIGH python
Imperva SecureSphere <13.0-11.5 - Privilege Escalation
Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation.
by 0x09AL
CVSS 8.8
CVE-2018-5412 EXPLOITDB HIGH ruby
Imperva SecureSphere <12.0.0.50 - RCE
Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.
by 0x09AL
CVSS 7.8
CVE-2018-13416 EXPLOITDB CRITICAL text
Universal Media Server 7.1.0 - Unauthenticated XML External Entity Injection via SSDP/UPnP Parser
In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running UMS, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
by Chris Moberly
CVSS 9.8
CVE-2018-8096 EXPLOITDB CRITICAL python
Datalust Seq <4.2.605 - Auth Bypass
Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.
by Daniel Chactoura
CVSS 9.8
EIP-2026-114874 EXPLOITDB python VERIFIED
AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)
by Luis Martínez
CVE-2018-2892 EXPLOITDB HIGH c
Oracle Solaris <11 - Privilege Escalation
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
by mu-b
CVSS 7.8
CVE-2018-14029 EXPLOITDB HIGH html
wityCMS 0.6.2 - Cross-Site Request Forgery in Admin User Edit
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field.
by Porhai Eung
CVSS 8.8
EIP-2026-112668 EXPLOITDB text VERIFIED
TI Online Examination System v2 - Arbitrary File Download
by AkkuS
EIP-2026-110449 EXPLOITDB text
PageResponse FB Inboxer Add-on 1.2 - 'search_field' SQL Injection
by AkkuS