Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-11885 EXPLOITDB MEDIUM python VERIFIED
Microsoft Windows RRAS Service - Remote Code Execution
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".
by vportal
CVSS 6.6
CVE-2018-10311 EXPLOITDB MEDIUM text
WUZHI CMS 4.1.0 - XSS
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
by jiguang
CVSS 6.1
CVE-2018-10313 EXPLOITDB MEDIUM text
WUZHI CMS 4.1.0 - XSS
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
by jiguang
CVSS 5.4
CVE-2018-9155 EXPLOITDB MEDIUM text
Open-AudIT Professional 2.1.1 - Stored Cross-Site Scripting via Component Name Field
Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI).
by Tejesh Kolisetty
CVSS 5.4
CVE-2018-10314 EXPLOITDB MEDIUM text
Open-AudIT Community 2.2.0 - Stored Cross-Site Scripting via Component Name
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.
by Tejesh Kolisetty
CVSS 5.4
CVE-2018-1185 EXPLOITDB MEDIUM text
EMC RecoverPoint <5.1.1, 5.0.1.3 - Command Injection
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.
by Paul Taylor
CVSS 6.7
CVE-2018-10830 EXPLOITDB HIGH c++
2345 Security Guard 3.7 - Denial of Service via IOCtl 0x002220e0
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x002220e0.
by anhkgg
CVSS 7.8
CVE-2018-10828 EXPLOITDB MEDIUM c
Alps Pointing-device Driver 10.1.101.207 - Denial of Service via ApMsgFwd File Mapping Object
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when invalid pointers are written to the mapped section. This driver has been used with Dell, ThinkPad, and VAIO devices.
by Souhail Hammou
CVSS 5.5
CVE-2018-10580 EXPLOITDB MEDIUM text
MyBB Latest Posts on Profile 1.1 - XSS
The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field.
by 0xB9
CVSS 5.4
CVE-2008-4687 EXPLOITDB ruby VERIFIED
Mantis < 1.1.4 - Authenticated Remote Code Execution via Sort Parameter
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
by Metasploit
CVE-2018-10832 EXPLOITDB MEDIUM text
ModbusPal 1.6b - XML External Entity Injection via Crafted .xmpp or .xmpa Files
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will return the contents of any local files to a remote attacker.
by Trent Gordon
CVSS 5.5
CVE-2018-6023 EXPLOITDB HIGH html
Fastweb FASTgate 0.00.47 - Cross-Site Request Forgery
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.
by Raffaele Sabato
CVSS 8.8
CVE-2018-25211 EXPLOITDB HIGH python
Allok Video Splitter 3.1.1217 Buffer Overflow via License Name
Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious payload exceeding 780 bytes, paste it into the License Name registration field, and trigger the overflow when the Register button is clicked.
by Achilles
CVSS 7.8
EIP-2026-117568 EXPLOITDB text
Microsoft Windows FxCop 10/12 - XML External Entity Injection
by hyp3rlinx
CVE-2018-10809 EXPLOITDB HIGH c
2345 Security Guard 3.7 - Denial of Service via IOCtl 0x00222040
In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-8873.
by anhkgg
CVSS 7.8
CVE-2018-7573 EXPLOITDB CRITICAL python VERIFIED
FTPShell Client 6.7 - Remote Code Execution via FTP 220 Response Buffer Overflow
An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465.
by r4wd3r
CVSS 9.8
CVE-2017-15944 EXPLOITDB CRITICAL ruby VERIFIED
Palo Alto Network PAN-OS - Remote Code Execution
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
by Metasploit
CVSS 9.8
CVE-2017-9080 EXPLOITDB HIGH ruby VERIFIED
PlaySMS 1.4 - Remote Code Execution
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
by Metasploit
CVSS 8.8
CVE-2017-9101 EXPLOITDB CRITICAL ruby VERIFIED
PlaySMS 1.4 - Remote Code Execution
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
by Metasploit
CVSS 9.8
CVE-2018-10655 EXPLOITDB HIGH text
DeviceLock Plug and Play Auditor <5.72 - Buffer Overflow
DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH).
by hyp3rlinx
CVSS 7.8
EIP-2026-115407 EXPLOITDB python
HWiNFO 5.82-3410 - Denial of Service
by bzyo
EIP-2026-114160 EXPLOITDB ruby
WordPress Plugin User Role Editor < 4.25 - Privilege Escalation
by Tomislav Paskalev
CVE-2018-10757 EXPLOITDB CRITICAL text
CSP MySQL User Manager 2.3.1 - SQL Injection and Authentication Bypass via Login Username
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.
by Youssef Mami
CVSS 9.8
CVE-2018-0494 EXPLOITDB MEDIUM text
GNU Wget < 1.19.5 - Cookie Injection via HTTP Response Continuation Line
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
by Harry Sintonen
CVSS 6.5
CVE-2016-0040 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows - Privilege Escalation
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
by Metasploit
CVSS 7.8