Exploitdb Exploits

49,996 exploits tracked across all sources.

CVE-2013-0663 EXPLOITDB text
Schneider Electric - CSRF
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
by t4rkd3vilz
CVE-2018-8174 EXPLOITDB HIGH html
Windows VBScript Engine - RCE
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by smgorelik
CVSS 7.5
EIP-2026-114600 EXPLOITDB text
Zenar Content Management System - Cross-Site Scripting
by Berk Dusunur
EIP-2026-113195 EXPLOITDB text
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
by L0RD
EIP-2026-112486 EXPLOITDB text
Superfood 1.0 - Multiple Vulnerabilities
by L0RD
EIP-2026-111508 EXPLOITDB text
Private Message PHP Script 2.0 - Cross-Site Scripting
by L0RD
EIP-2026-109537 EXPLOITDB text
Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities
by L0RD
EIP-2026-107154 EXPLOITDB text
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-107153 EXPLOITDB text
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-105308 EXPLOITDB text
Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities
by L0RD
CVE-2015-5698 EXPLOITDB text
Siemens SIMATIC S7-1200 <4.1.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
by t4rkd3vilz
CVE-2010-3904 EXPLOITDB HIGH ruby VERIFIED
Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
by Metasploit
CVSS 7.8
CVE-2018-9163 EXPLOITDB MEDIUM text
Zohocorp Manageengine Recovery Manager Plus < 5.3 - XSS
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
by Ahmet Gurel
CVSS 5.4
EIP-2026-102369 EXPLOITDB python
GitBucket 4.23.1 - Remote Code Execution
by Kacper Szurek
EIP-2026-117099 EXPLOITDB python VERIFIED
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass)
by Juan Prescotto
EIP-2026-108638 EXPLOITDB text
Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection
by Sina Kheirkhah
CVE-2018-8898 EXPLOITDB CRITICAL text
D-Link DSL-3782 - Auth Bypass
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations while an administrator is logged into the web panel.
by Giulio Comi
CVSS 9.8
CVE-2018-25299 EXPLOITDB HIGH python
Prime95 29.4b8 Local Buffer Overflow via SEH
Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands.
by crash_manucoot
CVSS 8.4
CVE-2018-11227 EXPLOITDB MEDIUM text
Monstra Cms < 3.0.4 - XSS
Monstra CMS 3.0.4 and earlier has XSS via index.php.
by Berk Dusunur
CVSS 6.1
CVE-2017-12500 EXPLOITDB HIGH ruby
HP Intelligent Management Center - Improper Input Validation
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
by TrendyTofu
CVSS 8.8
CVE-2017-8982 EXPLOITDB HIGH ruby
HPE iMC <7.3 - Auth Bypass
A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.
by TrendyTofu
CVSS 7.5
CVE-2018-0980 EXPLOITDB HIGH javascript VERIFIED
Microsoft Edge < 1.8.3 - Out-of-Bounds Write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.
by Google Security Research
CVSS 7.5
EIP-2026-107831 EXPLOITDB text
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
by L0RD
EIP-2026-107567 EXPLOITDB text
Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-103320 EXPLOITDB text
SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure
by Richard Alviarez