Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-117130 EXPLOITDB text
Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection
by hyp3rlinx
EIP-2026-115086 EXPLOITDB python
Core FTP LE 2.2 - Buffer Overflow (PoC)
by Berk Cem Göksel
CVE-2018-8736 EXPLOITDB HIGH ruby VERIFIED
Nagios XI <5.4.13 - Privilege Escalation
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.
by Metasploit
CVSS 8.8
CVE-2018-6961 EXPLOITDB HIGH python VERIFIED
VMware NSX SD-WAN by VeloCloud < 3.1.0 - Remote Code Execution via Local Web UI Command Injection
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
by ParagonSec
CVSS 8.1
EIP-2026-101759 EXPLOITDB ruby
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)
by RandoriSec
CVE-2018-10594 EXPLOITDB CRITICAL python
Delta Industrial Automation COMMGR <1.08 - Buffer Overflow
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.
by t4rkd3vilz
CVSS 9.8
CVE-2018-12984 EXPLOITDB CRITICAL text
Hycus CMS 1.0.4 - Authentication Bypass via '=' 'OR' Credentials
Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials.
by Berk Dusunur
CVSS 9.8
CVE-2018-12715 EXPLOITDB MEDIUM text
DIGISOL DG-HR3400 Firmware - Stored Cross-Site Scripting via SSID Parameter
DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.
by Adipta Basu
CVSS 6.1
CVE-2018-12912 EXPLOITDB HIGH text VERIFIED
HongCMS 3.0.0 - SQL Injection via Database Empty Table URI Parameter
An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.
by Hzllaga
CVSS 7.2
CVE-2018-12739 EXPLOITDB HIGH html
BEESCMS 4.0 - Cross-Site Request Forgery
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.
by bay0net
CVSS 8.8
CVE-2018-0296 EXPLOITDB HIGH python
Cisco ASA & FTD - Unauthenticated DoS & Info Disclosure via HTTP URL
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.
by Yassine Aboukir
CVSS 7.5
CVE-2018-11138 EXPLOITDB CRITICAL ruby VERIFIED
Quest KACE System Management Appliance 8.0.318 - Unauthenticated OS Command Injection via download_agent_installer.php
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
by Metasploit
CVSS 9.8
EIP-2026-113508 EXPLOITDB text
WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion
by VulnSpy
EIP-2026-103282 EXPLOITDB python VERIFIED
HPE VAN SDN 2.7.18.0503 - Remote Root
by KoreLogic
CVE-2018-8002 EXPLOITDB HIGH text
PoDoFo 0.9.5 - Denial of Service via Infinite Loop in PdfParserObject
In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.
by r4xis
CVSS 8.8
EIP-2026-102393 EXPLOITDB text
Liferay Portal < 7.0.4 - Server-Side Request Forgery
by Mehmet Ince
CVE-2018-9948 EXPLOITDB MEDIUM text VERIFIED
Foxit PDF Reader Pointer Overwrite UAF
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380.
by mr_me
CVSS 6.5
CVE-2018-25152 EXPLOITDB MEDIUM text
Ecessa Edge EV150 10.7.4 - Unauthenticated Cross-Site Request Forgery via /cgi-bin/pl_web.cgi/util_configlogin_act
Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a form that submits requests to the /cgi-bin/pl_web.cgi/util_configlogin_act endpoint to add superuser accounts with arbitrary credentials.
by LiquidWorm
CVSS 5.3
CVE-2018-25151 EXPLOITDB MEDIUM text
Ecessa WANWorx WVR-30 <10.7.4 - CSRF
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an authenticated administrator into loading the page.
by LiquidWorm
CVSS 4.3
CVE-2018-25150 EXPLOITDB MEDIUM text
Ecessa ShieldLink SL175EHQ 10.7.4 - CSRF
Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator into loading the page.
by LiquidWorm
CVSS 5.3
CVE-2018-12529 EXPLOITDB HIGH text
Intex N150 Firmware - Cross-Site Request Forgery
An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings.
by Samrat Das
CVSS 8.8
CVE-2018-12529 EXPLOITDB HIGH text
Intex N150 Firmware - Cross-Site Request Forgery
An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings.
by Samrat Das
CVSS 8.8
CVE-2018-12528 EXPLOITDB HIGH text
Intex N150 Firmware - Unrestricted Upload of Dangerous File Type via Backup/Restore Function
An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it.
by Samrat Das
CVSS 8.1
CVE-2018-9958 EXPLOITDB HIGH text VERIFIED
Foxit Reader and PhantomPDF < 9.0.1.1049 - Remote Code Execution via Text Annotation Point Attribute
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.
by mr_me
CVSS 8.8
CVE-2018-12636 EXPLOITDB HIGH text
iThemes Security <7.0.3 - SQL Injection
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
by Çlirim Emini
CVSS 7.2