Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113195 EXPLOITDB text
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
by L0RD
EIP-2026-112486 EXPLOITDB text
Superfood 1.0 - Multiple Vulnerabilities
by L0RD
EIP-2026-111508 EXPLOITDB text
Private Message PHP Script 2.0 - Cross-Site Scripting
by L0RD
EIP-2026-109537 EXPLOITDB text
Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities
by L0RD
EIP-2026-107154 EXPLOITDB text
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-107153 EXPLOITDB text
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-105308 EXPLOITDB text
Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities
by L0RD
CVE-2015-5698 EXPLOITDB text
Siemens SIMATIC S7-1200 <4.1.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
by t4rkd3vilz
CVE-2010-3904 EXPLOITDB HIGH ruby VERIFIED
Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
by Metasploit
CVSS 7.8
CVE-2018-9163 EXPLOITDB MEDIUM text
ManageEngine Recovery Manager Plus < 5.3 - Stored XSS via technicianAction.do loginName
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
by Ahmet Gurel
CVSS 5.4
CVE-2018-25330 EXPLOITDB HIGH text
Joomla! EkRishta 2.10 Persistent XSS and SQL Injection
Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries.
by Sina Kheirkhah
CVSS 8.2
EIP-2026-117099 EXPLOITDB python VERIFIED
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass)
by Juan Prescotto
CVE-2018-8898 EXPLOITDB CRITICAL text
D-Link DSL-3782 Firmware - Unauthenticated Authentication Bypass in Login Panel
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel.
by Giulio Comi
CVSS 9.8
CVE-2018-25299 EXPLOITDB HIGH python
Prime95 29.4b8 Local Buffer Overflow via SEH
Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands.
by crash_manucoot
CVSS 8.4
CVE-2018-11227 EXPLOITDB MEDIUM text
Monstra CMS < 3.0.4 - Cross-Site Scripting via index.php
Monstra CMS 3.0.4 and earlier has XSS via index.php.
by Berk Dusunur
CVSS 6.1
CVE-2017-12500 EXPLOITDB HIGH ruby
HPE Intelligent Management Center PLAT 7.3 (E0504) - Remote Code Execution
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
by TrendyTofu
CVSS 8.8
CVE-2017-8982 EXPLOITDB HIGH ruby
HPE Intelligent Management Center PLAT 7.3 E0504P4 - Remote Authentication Restriction Bypass
A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.
by TrendyTofu
CVSS 7.5
CVE-2018-0980 EXPLOITDB HIGH javascript VERIFIED
Microsoft Edge and ChakraCore < 1.8.3 - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.
by Google Security Research
CVSS 7.5
EIP-2026-107831 EXPLOITDB text
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
by L0RD
EIP-2026-107567 EXPLOITDB text
Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-103320 EXPLOITDB text
SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure
by Richard Alviarez
EIP-2026-103319 EXPLOITDB text
SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion
by Richard Alviarez
CVE-2017-7308 EXPLOITDB HIGH ruby VERIFIED
AF_PACKET packet_set_ring Privilege Escalation
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
by Metasploit
CVSS 7.8
CVE-2018-1111 EXPLOITDB HIGH python VERIFIED
DHCP Client Command Injection (DynoRoot)
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
by Kevin Kirsche
CVSS 7.5
EIP-2026-101591 EXPLOITDB text
Cisco SA520W Security Appliance - Path Traversal
by Nassim Asrir