Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-8214 EXPLOITDB HIGH text VERIFIED
Windows Desktop Bridge - Privilege Escalation
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8208.
by Google Security Research
CVSS 7.0
CVE-2018-8208 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016 - Elevation of Privilege via Desktop Bridge Virtual Registry
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8214.
by Google Security Research
CVSS 7.0
CVE-2018-10956 EXPLOITDB HIGH ruby
IPConfigure Orchid Core VMS 2.0.5 - Path Traversal
IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal.
by Nettitude
CVSS 7.5
CVE-2017-12636 EXPLOITDB HIGH python VERIFIED
Apache CouchDB < 1.7.0 and 2.x < 2.1.1 - Authenticated OS Command Injection via Configuration Options
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
by Cody Zacharias
CVSS 7.2
CVE-2018-12453 EXPLOITDB HIGH text
Redis < 5.0 - Denial of Service via XGROUP Command Type Confusion
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
by Fakhri Zulkifli
CVSS 7.5
CVE-2018-12327 EXPLOITDB CRITICAL text
NTP 4.2.8p11 - Stack-based Buffer Overflow via IPv4/IPv6 Command-line Parameter
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
by Fakhri Zulkifli
CVSS 9.8
CVE-2018-12525 EXPLOITDB MEDIUM text
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing.
by ManhNho
CVSS 5.3
CVE-2018-25355 EXPLOITDB HIGH python
Audiograbber 1.83 Local Buffer Overflow via SEH
Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious input in the Interpret or Album fields that triggers a buffer overflow, overwriting SEH pointers and executing injected shellcode with application privileges.
by Dennis 'dhn' Herrmann
CVSS 8.4
CVE-2018-25354 EXPLOITDB MEDIUM html
Joomla Component jomres 9.11.2 Cross-Site Request Forgery
Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to change passwords, email addresses, and profile details without user consent.
by L0RD
CVSS 4.3
CVE-2018-12632 EXPLOITDB MEDIUM text
Redatam < 7 - Information Disclosure via Invalid LFN Parameter
Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI.
by Berk Dusunur
CVSS 5.3
CVE-2018-12631 EXPLOITDB HIGH text
Redatam < 7 - Unauthenticated Path Traversal via LFN Parameter
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.
by Berk Dusunur
CVSS 7.5
CVE-2018-12292 EXPLOITDB CRITICAL text
Pale Moon < 27.9.3 - Use-After-Free in DOMProxyHandler
A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3.
by Berk Cem Göksel
CVSS 9.8
CVE-2018-0824 EXPLOITDB HIGH text
Microsoft Windows - Remote Code Execution via Untrusted Object Deserialization
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Code White
CVSS 8.8
EIP-2026-103314 EXPLOITDB text
RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery (Add Admin)
by Dolev Farhi
CVE-2018-12326 EXPLOITDB HIGH python
Redis <4.0.10 & 5.x <5.0 RC3 - Buffer Overflow
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
by Fakhri Zulkifli
CVSS 8.4
CVE-2018-11652 EXPLOITDB CRITICAL text
Nikto < 2.1.6 - CSV Injection via Server Field in HTTP Response Header
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
by Adam Greenhill
CVSS 9.8
EIP-2026-117937 EXPLOITDB
Soroush IM Desktop App 0.15 (beta) - Authentication Bypass
by VortexNeoX64
CVE-2018-12095 EXPLOITDB MEDIUM text
OEcms v3.1 - Reflected Cross-Site Scripting via info.php mod Parameter
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php.
by Renzi
CVSS 5.4
CVE-2018-12094 EXPLOITDB MEDIUM text
Dimofinf CMS 3.0.0 - Cross-Site Scripting via News.php ID Parameter
Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
by Renzi
CVSS 5.4
CVE-2018-12254 EXPLOITDB HIGH php
Harmis Ek Rishta <2.10 - SQL Injection
router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI.
by Guilherme Assmann
CVSS 8.8
EIP-2026-102735 EXPLOITDB python
rtorrent 0.9.6 - Denial of Service
by ecx86
CVE-2018-25353 EXPLOITDB HIGH text
Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the blacklist filter and execute arbitrary code.
by h0n1gsp3cht
CVSS 8.8
CVE-2018-10619 EXPLOITDB HIGH text
RSLinx Classic <3.90.01 - Privilege Escalation
An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation.
by LiquidWorm
CVSS 7.8
CVE-2018-0982 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016 - Elevation of Privilege via Kernel API Permission Enforcement
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.0
CVE-2018-12114 EXPLOITDB HIGH html
Maccms 10 - Cross-Site Request Forgery via Admin Account Creation
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
by bay0net
CVSS 8.8