Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-1111 EXPLOITDB HIGH ruby VERIFIED
DHCP Client Command Injection (DynoRoot)
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
by Metasploit
CVSS 7.5
CVE-2018-1000001 EXPLOITDB HIGH ruby VERIFIED
glibc < 2.26 - Buffer Underflow and Potential Code Execution via realpath()
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
by Metasploit
CVSS 7.8
CVE-2018-25352 EXPLOITDB HIGH text
WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id
WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entry_id POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint with the ufbl_get_entry_detail_action action to extract, modify, or escalate privileges within the WordPress database.
by defensecode
CVSS 7.1
CVE-2018-25351 EXPLOITDB HIGH text
Joomla! Component EkRishta 2.10 SQL Injection via username
Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads in the username field to extract database information including user credentials and system details.
by L0RD
CVSS 8.2
CVE-2018-5755 EXPLOITDB MEDIUM text
Open-Xchange OX App Suite <7.6.3-rev3-7.8.4-rev4 - Path Traversal
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.
by Open-Xchange
CVSS 5.5
CVE-2018-5754 EXPLOITDB MEDIUM text
Open-Xchange OX App Suite <7.8.3-rev12 & <7.8.4-rev9 - XSS
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.
by Open-Xchange
CVSS 5.4
CVE-2018-5753 EXPLOITDB MEDIUM text
Open-Xchange OX App Suite <7.6.3-7.8.4 - Info Disclosure
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.
by Open-Xchange
CVSS 6.5
CVE-2018-5752 EXPLOITDB HIGH text
Open-Xchange OX App Suite <7.6.3-7.8.4 - SSRF
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.
by Open-Xchange
CVSS 8.8
CVE-2018-5751 EXPLOITDB MEDIUM text
Open-Xchange OX App Suite <7.6.3-7.8.4 - Info Disclosure
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.
by Open-Xchange
CVSS 6.5
CVE-2017-17062 EXPLOITDB MEDIUM text
Open-xchange Appsuite < 7.6.3 - XSS
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.
by Open-Xchange
CVSS 6.5
CVE-2018-5756 EXPLOITDB MEDIUM text
Open-xchange Appsuite < 7.6.3 - Improper Privilege Management
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.
by Open-Xchange
CVSS 4.3
EIP-2026-113795 EXPLOITDB text
WordPress Plugin Google Map < 4.0.4 - SQL Injection
by defensecode
CVE-2018-12111 EXPLOITDB MEDIUM text
Canon EFI PrintMe - Stored Cross-Site Scripting via PATH_INFO to /wt3/mydocs.php
Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI.
by Huy Kha
CVSS 6.1
CVE-2018-25350 EXPLOITDB CRITICAL python
userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system.
by Dolev Farhi
CVSS 9.8
CVE-2018-25349 EXPLOITDB MEDIUM perl
userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For Header
userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators visit the audit log page.
by Dolev Farhi
CVSS 6.1
CVE-2018-25348 EXPLOITDB HIGH text
Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail
Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values containing SQL commands to extract sensitive database information.
by 41!kh4224rDz
CVSS 8.2
CVE-2018-10969 EXPLOITDB CRITICAL text
Pie Register < 3.0.10 - SQL Injection via Invitation Codes Grid
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.
by Manuel García Cárdenas
CVSS 9.8
CVE-2018-12055 EXPLOITDB CRITICAL text
PHP Scripts Mall Schools Alert Mgmt - SQL Injection
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.
by M3@Pandas
CVSS 9.8
CVE-2018-12054 EXPLOITDB HIGH text
PHP Scripts Mall Schools Alert Mgt - Path Traversal
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
by M3@Pandas
CVSS 7.5
CVE-2018-12053 EXPLOITDB HIGH text
PHP Scripts Mall Schools Alert Mgmt - Path Traversal
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.
by M3@Pandas
CVSS 7.5
CVE-2018-12052 EXPLOITDB CRITICAL text
PHP Scripts Mall Schools Alert Mgt - SQL Injection
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.
by M3@Pandas
CVSS 9.8
EIP-2026-106934 EXPLOITDB text
Event Manager Admin panel - 'events_new.php' SQL injection
by telahdihapus
CVE-2018-11646 EXPLOITDB HIGH ruby
WebKitGTK+ <2.21.3 - Use After Free
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.
by Dhiraj Mishra
CVSS 7.5
EIP-2026-101991 EXPLOITDB
Siaberry 1.2.2 - Command Injection
by Space Duck
CVE-2018-10507 EXPLOITDB MEDIUM text VERIFIED
Trend Micro OfficeScan <11.0 SP1 - Privilege Escalation
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.
by hyp3rlinx
CVSS 4.4