Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-14328 EXPLOITDB CRITICAL text
Brynamics Online Trade - Info Disclosure
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan, /dashboard/paywithcard/charge, /dashboard/withdrawal, or /privacy&terms, as demonstrated by reading database username, database password, database_name, and IP address fields, related to CVE-2018-12908.
by Dhamotharan
CVSS 9.8
CVE-2018-10662 EXPLOITDB CRITICAL ruby VERIFIED
Axis IP Cameras - Exposed Insecure Interface
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
by Metasploit
CVSS 9.8
CVE-2018-14519 EXPLOITDB MEDIUM text
Kirby 2.5.12 - Cross-Site Request Forgery in Delete Page Functionality
An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.
by Zaran Shaikh
CVSS 4.3
CVE-2018-20658 EXPLOITDB HIGH python
Core FTP 2.0 build 653 - Denial of Service via XRMD Command
The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command.
by Erik David Martin
CVSS 7.5
CVE-2018-13859 EXPLOITDB CRITICAL text
MusicCenter / Trivum Multiroom Setup Tool V8.76-9.34 - Auth Bypass
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).
by vulnc0d3
CVSS 9.8
CVE-2018-25255 EXPLOITDB HIGH python
10-Strike LANState 8.8 Local Buffer Overflow SEH
10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that overflows the buffer, overwrites the SEH chain, and executes shellcode when the file is opened in the application.
by absolomb
CVSS 8.4
EIP-2026-116675 EXPLOITDB python
10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)
by absolomb
EIP-2026-116674 EXPLOITDB python
10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)
by absolomb
CVE-2017-17849 EXPLOITDB CRITICAL python
GetGo Download Manager < 5.3.0.2712 - Remote Code Execution via Long HTTP Response
A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.
by Nathu Nandwani
CVSS 9.8
CVE-2018-12464 EXPLOITDB CRITICAL ruby
Micro Focus Secure Messaging Gateway <471 - SQL Injection
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).
by Mehmet Ince
CVSS 10.0
CVE-2018-13457 EXPLOITDB MEDIUM text
Nagios Core < 4.4.1 - Denial of Service via NULL Pointer Dereference in qh_echo
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
by Fakhri Zulkifli
CVSS 5.5
CVE-2018-13441 EXPLOITDB MEDIUM text
Nagios < 4.4.1 - Denial of Service via qh_help NULL Pointer Dereference
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
by Fakhri Zulkifli
CVSS 5.5
CVE-2018-12465 EXPLOITDB CRITICAL ruby
Micro Focus SMG <471 - Command Injection
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).
by Mehmet Ince
CVSS 9.1
CVE-2018-13458 EXPLOITDB MEDIUM text
Nagios Core < 4.4.1 - Denial of Service via Crafted UNIX Socket Payload
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
by Fakhri Zulkifli
CVSS 5.5
EIP-2026-101619 EXPLOITDB text
D-link DAP-1360 - Path Traversal / Cross-Site Scripting
by r3m0t3nu11
EIP-2026-101618 EXPLOITDB text
D-link DAP-1360 - Path Traversal / Cross-Site Scripting
by r3m0t3nu11
CVE-2018-25359 EXPLOITDB HIGH text VERIFIED
Splinterware System Scheduler Pro 5.12 Privilege Escalation
Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered.
by bzyo
CVSS 8.4
CVE-2018-14933 EXPLOITDB CRITICAL text VERIFIED
NUUO NVRmini Firmware - Remote Command Execution via uploaddir Parameter
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
by Berk Dusunur
CVSS 9.8
CVE-2018-14520 EXPLOITDB MEDIUM text VERIFIED
Kirby 2.5.12 - Cross-Site Request Forgery
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.
by Zaran Shaikh
CVSS 5.4
EIP-2026-118871 EXPLOITDB text
Microsoft Windows - 'dnslint.exe' Drive-By Download
by hyp3rlinx
EIP-2026-117951 EXPLOITDB python
Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)
by bzyo
EIP-2026-115818 EXPLOITDB text
Microsoft Windows Speech Recognition - Buffer Overflow (PoC)
by Nassim Asrir
EIP-2026-103325 EXPLOITDB text
Synology DiskStation Manager 4.1 - Directory Traversal
by Berk Dusunur
CVE-2015-5996 EXPLOITDB HIGH python
Mediabridge Medialink MWN-WAPR300N <5.07.50 - CSRF
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
by Nathu Nandwani
CVSS 8.8
CVE-2018-10618 EXPLOITDB CRITICAL python
Davolink DVW-3200N <1.00.06 - Info Disclosure
Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.
by Ankit Anubhav
CVSS 9.8