Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110496 EXPLOITDB text
PaulPrinting CMS Printing 1.0 - SQL Injection
by Mehmet Onder
EIP-2026-109919 EXPLOITDB text
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
by AkkuS
EIP-2026-109918 EXPLOITDB text
NewsBee CMS 1.4 - 'download.php' SQL Injection
by AkkuS
EIP-2026-107971 EXPLOITDB text
iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-107067 EXPLOITDB text
Feedy RSS News Ticker 2.0 - 'cat' SQL Injection
by AkkuS
EIP-2026-106695 EXPLOITDB text
Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting
by AkkuS
EIP-2026-105304 EXPLOITDB text
Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting
by L0RD
CVE-2014-2908 EXPLOITDB text
SIMATIC S7-1200 CPU 2.x-3.x - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by t4rkd3vilz
EIP-2026-103304 EXPLOITDB text
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
by AkkuS
CVE-2016-8655 EXPLOITDB HIGH ruby VERIFIED
AF_PACKET chocobo_root Privilege Escalation
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
by Metasploit
CVSS 7.8
EIP-2026-102816 EXPLOITDB text
Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read
by Paul Taylor
CVE-2014-5074 EXPLOITDB python
Siemens SIMATIC S7-1500 CPU Firmware < 1.6 - Denial of Service via Crafted TCP Packets
Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets.
by t4rkd3vilz
CVE-2018-11339 EXPLOITDB MEDIUM text
Frappe ERPNext v11.x.x-develop - Stored Cross-Site Scripting via Comment
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.
by Veerababu Penugonda
CVSS 6.1
CVE-2018-3639 EXPLOITDB MEDIUM c VERIFIED
Intel Atom C/E/X5/X7/Z - Information Disclosure via Speculative Store Bypass
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
by Google Security Research
CVSS 5.5
CVE-2018-11242 EXPLOITDB MEDIUM text
MakeMyTrip 7.2.4 - Cleartext Storage of Sensitive Information in Local Databases
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
by Divya Jain
CVSS 6.5
CVE-2018-25332 EXPLOITDB CRITICAL python
GitBucket 4.23.1 Unauthenticated Remote Code Execution
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint.
by Kacper Szurek
CVSS 9.8
CVE-2018-25331 EXPLOITDB MEDIUM text
Zenar Content Management System Cross-Site Scripting via ajax.php
Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the current_page parameter sent to the ajax.php endpoint, which reflects unsanitized user input in the response HTML to execute arbitrary JavaScript in victim browsers.
by Berk Dusunur
CVSS 6.1
CVE-2018-25298 EXPLOITDB MEDIUM text
Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer
Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hijack user sessions and gain unauthorized access to the PACS system.
by Safak Aslan
CVSS 5.3
CVE-2019-25252 EXPLOITDB MEDIUM html
Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery via Password Change Request
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
by LiquidWorm
CVSS 4.3
CVE-2019-25251 EXPLOITDB MEDIUM text
Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery via URL Parameter
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.
by LiquidWorm
CVSS 6.5
CVE-2018-25156 EXPLOITDB MEDIUM html
Teradek Cube 7.3.6 - Cross-Site Request Forgery via Password Change Request
Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page with a hidden form to submit password change requests to the device's system configuration interface.
by LiquidWorm
CVSS 4.3
CVE-2018-25155 EXPLOITDB MEDIUM html
Teradek Slice 7.3.15 - Cross-Site Request Forgery
Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user visits the page.
by LiquidWorm
CVSS 4.3
EIP-2026-119553 EXPLOITDB python
R 3.4.4 - Local Buffer Overflow (DEP Bypass)
by Hashim Jawad
CVE-2013-0663 EXPLOITDB text
Schneider Electric Modicon Quantum, M340, and Premium PLC - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
by t4rkd3vilz
CVE-2018-8174 EXPLOITDB HIGH html
Windows VBScript Engine - Remote Code Execution via Memory Object Handling
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by smgorelik
CVSS 7.5