Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-1122 EXPLOITDB HIGH text
procps-ng <3.3.15 - Privilege Escalation
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
by Qualys Corporation
CVSS 7.3
CVE-2018-1121 EXPLOITDB LOW text
procps < 3.3.15 - Process Hiding via Race Condition in /proc/PID Enumeration
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.
by Qualys Corporation
CVSS 3.9
CVE-2018-1120 EXPLOITDB LOW text
Linux Kernel < 4.17 - Denial of Service via FUSE mmap and /proc Read Blocking
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
by Qualys Corporation
CVSS 2.8
CVE-2018-6410 EXPLOITDB CRITICAL text VERIFIED
MachForm - SQL Injection via Download Page q Parameter
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
by Amine Taouirsa
CVSS 9.8
CVE-2018-6409 EXPLOITDB MEDIUM text VERIFIED
MachForm < 4.2.3 - Path Traversal via download.php q Parameter
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
by Amine Taouirsa
CVSS 5.3
CVE-2018-6411 EXPLOITDB CRITICAL text VERIFIED
MachForm - Unrestricted Upload of File with Dangerous Type via SQL Injection in ap_form_elements
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
by Amine Taouirsa
CVSS 9.8
CVE-2018-10094 EXPLOITDB CRITICAL text VERIFIED
Dolibarr < 7.0.2 - SQL Injection via Integer Parameter
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
by Sysdream
CVSS 9.8
CVE-2018-11522 EXPLOITDB MEDIUM text
Yosoro 1.0.4 - Stored Cross-Site Scripting
Yosoro 1.0.4 has stored XSS.
by Carlo Pelliccioni
CVSS 6.1
CVE-2018-1124 EXPLOITDB HIGH text
procps-ng <3.3.15 - Privilege Escalation
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
by Qualys Corporation
CVSS 7.8
CVE-2015-2177 EXPLOITDB HIGH python
SIMATIC S7-300 CPU Firmware - Denial of Service via Crafted Packets on TCP Port 102 or Profibus
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.
by t4rkd3vilz
CVSS 7.5
CVE-2018-11538 EXPLOITDB HIGH text
Searchblox - Cross-Site Request Forgery
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
by Ahmet Gurel
CVSS 8.8
CVE-2018-25154 EXPLOITDB CRITICAL text
GNU Barcode 0.99 - Buffer Overflow in Code 93 Encoding
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.
by LiquidWorm
CVSS 9.8
CVE-2018-11535 EXPLOITDB CRITICAL text
SITEMAKIN SLAC 1.0 - SQL Injection via my_item_search Parameter
An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection.
by Divya Jain
CVSS 9.8
CVE-2018-11532 EXPLOITDB MEDIUM text
ChangUonDyU Advanced Statistics 1.0.2 - Cross-Site Scripting via Subject Field
An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.
by 0xB9
CVSS 6.1
EIP-2026-107027 EXPLOITDB text
Facebook Clone Script 1.0.5 - Cross-Site Request Forgery
by L0RD
EIP-2026-107026 EXPLOITDB text
Facebook Clone Script 1.0.5 - 'search' SQL Injection
by L0RD
EIP-2026-102856 EXPLOITDB text
GNU Barcode 0.99 - Memory Leak
by LiquidWorm
CVE-2018-11523 EXPLOITDB CRITICAL text
NUUO NVRmini 2 Firmware < 3.6.5 - Arbitrary File Upload via upload.php
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.
by M3@Pandas
CVSS 9.8
EIP-2026-100375 EXPLOITDB text
IssueTrak 7.0 - SQL Injection
by Chris Anastasio
CVE-2018-25337 EXPLOITDB MEDIUM html
Joomla JoomOCShop 1.0 Cross-Site Request Forgery
Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information or reset passwords without user consent.
by L0RD
CVSS 4.3
CVE-2018-25336 EXPLOITDB MEDIUM html
Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details when victims visit the attacker-controlled page.
by L0RD
CVSS 5.3
CVE-2018-11714 EXPLOITDB CRITICAL text
TP-Link TL-WR840N/TL-WR841N <5 - Info Disclosure
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action.
by BlackFog Team
CVSS 9.8
EIP-2026-119656 EXPLOITDB python
CloudMe Sync < 1.11.0 - Buffer Overflow (SEH) (DEP Bypass)
by Juan Prescotto
EIP-2026-119509 EXPLOITDB python
ALFTP 5.31 - Local Buffer Overflow (SEH Bypass)
by Gokul Babu
EIP-2026-113729 EXPLOITDB text
WordPress Plugin Events Calendar - SQL Injection
by AkkuS