Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-103138 EXPLOITDB ruby VERIFIED
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)
by Metasploit
EIP-2026-103137 EXPLOITDB ruby VERIFIED
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)
by Metasploit
CVE-2018-0491 EXPLOITDB HIGH html
Tor 0.3.2.0-0.3.2.9 - Use-After-Free in KIST Pending List
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
by t4rkd3vilz
CVSS 7.5
CVE-2017-3248 EXPLOITDB CRITICAL python
Oracle WebLogic Server <12.2.1.1 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
by bobsecq
CVSS 9.8
CVE-2018-8738 EXPLOITDB MEDIUM text
Airties 5444 and 5444TT Firmware 1.0.0.18 - Cross-Site Scripting
Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS.
by Raif Berkay Dincel
CVSS 6.1
CVE-2018-12589 EXPLOITDB HIGH c
Polaris Office 2017 8.1 - Remote Code Execution via Trojan Horse DLL in Current Working Directory
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.
by hyp3rlinx
CVSS 7.8
CVE-2018-12977 EXPLOITDB HIGH text
SoftExpert Excellence Suite 2.0 - Authenticated SQL Injection via cddocument Parameter
A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section.
by Seren PORSUK
CVSS 8.8
EIP-2026-118071 EXPLOITDB python
VLC media player 2.2.8 - Arbitrary Code Execution (PoC)
by Eugene Ng
CVE-2018-13109 EXPLOITDB HIGH text
Adbglobal Dv2210 Firmware - Incorrect Authorization
All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.
by SEC Consult
CVSS 7.5
CVE-2018-13110 EXPLOITDB HIGH text
Adbglobal Dv2210 Firmware - Incorrect Permission Assignment
All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.
by SEC Consult
CVSS 7.5
CVE-2018-13108 EXPLOITDB HIGH text
Epicentro - Privilege Escalation
All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP.
by SEC Consult
CVSS 7.8
CVE-2018-12519 EXPLOITDB HIGH text
ShopNx through 2017-11-17 - Unrestricted Upload of File with Dangerous Type
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.
by L0RD
CVSS 8.8
CVE-2018-12908 EXPLOITDB CRITICAL text
Brynamics - Exposure of Sensitive Information via Direct Request to /dashboard/deposit
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials.
by L0RD
CVSS 9.8
CVE-2018-1000094 EXPLOITDB HIGH python VERIFIED
CMS Made Simple <2.2.5 - Authenticated RCE
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.
by Mustafa Hasan
CVSS 7.2
EIP-2026-104266 EXPLOITDB python
Gitea 1.4.0 - Remote Code Execution
by Kacper Szurek
EIP-2026-102404 EXPLOITDB python VERIFIED
ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution
by Kacper Szurek
CVE-2015-7243 EXPLOITDB ruby VERIFIED
Boxoft WAV to MP3 Converter - Buffer Overflow via Crafted WAV File
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.
by Metasploit
CVE-2018-12520 EXPLOITDB HIGH python
ntopng <3.4.180617 - Info Disclosure
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access.
by Ioannis Profetis
CVSS 8.1
CVE-2018-25357 EXPLOITDB CRITICAL text
Dolibarr ERP CRM 7.0.3 Remote Code Evaluation via install/step1.php
Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then execute commands via the check.php endpoint using the cmd GET parameter.
by om3rcitak
CVSS 9.8
CVE-2018-25356 EXPLOITDB HIGH text
SIPp 3.6 Local Buffer Overflow via Command-line Arguments
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -log_file parameters, causing strcpy to write beyond buffer boundaries in sipp.cpp.
by Fakhri Zulkifli
CVSS 8.4
CVE-2018-8735 EXPLOITDB HIGH ruby VERIFIED
Nagios XI 5.2.0-5.4.12 - Remote Code Execution via OS Command Injection
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.
by Metasploit
CVSS 8.8
CVE-2018-8734 EXPLOITDB CRITICAL ruby VERIFIED
Nagios XI 5.2.0-5.4.12 - SQL Injection via selInfoKey1 Parameter
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
by Metasploit
CVSS 9.8
CVE-2018-8733 EXPLOITDB CRITICAL ruby VERIFIED
Nagios XI 5.2.0-5.4.12 - Unauthenticated SQL Injection via Core Config Manager
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.
by Metasploit
CVSS 9.8
CVE-2018-13031 EXPLOITDB HIGH html
DamiCMS 6.0.0 and 6.1.0 - Cross-Site Request Forgery via Admin Account Addition
DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.
by bay0net
CVSS 8.8
CVE-2018-7573 EXPLOITDB CRITICAL ruby VERIFIED
FTPShell Client 6.7 - Remote Code Execution via FTP 220 Response Buffer Overflow
An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465.
by Metasploit
CVSS 9.8