Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-25313 EXPLOITDB MEDIUM python
SysGauge 4.5.18 Local Denial of Service via Proxy Configuration
SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the application.
by Hashim Jawad
CVSS 6.2
CVE-2018-25114 EXPLOITDB CRITICAL python VERIFIED
osCommerce Online Merchant <2.3.4.1 - RCE
A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after installation. An unauthenticated attacker can invoke install_4.php, submit crafted POST data, and inject arbitrary PHP code into the configure.php file. When the application later includes this file, the injected payload is executed, resulting in full server-side compromise.
by Simon Scannell
CVE-2018-9115 EXPLOITDB MEDIUM python
Systematic SitaWare 6.4 SP2 - Denial of Service via NVG Interface Input
Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer.
by 2u53
CVSS 5.3
EIP-2026-118243 EXPLOITDB python
Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow
by Chris Lyne
EIP-2026-117158 EXPLOITDB python
Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow
by Himavanth Reddy
CVE-2018-8719 EXPLOITDB MEDIUM text
WP Security Audit Log <3.1.1 - Info Disclosure
An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information.
by Colette Chamberland
CVSS 5.3
CVE-2018-9034 EXPLOITDB MEDIUM text
Relevanssi < 4.0.4 - Cross-Site Scripting via Tab GET Parameter
Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.
by Stefan Broeder
CVSS 5.4
CVE-2018-9035 EXPLOITDB CRITICAL text
Contact Form 7 to Database Ext <2.10.32 - Code Injection
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.
by Stefan Broeder
CVSS 9.6
CVE-2016-1713 EXPLOITDB HIGH ruby
vtiger CRM 6.4.0 - Authenticated Remote Code Execution via Company Logo Upload
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.
by Touhid M.Shaikh
CVSS 7.3
CVE-2018-9092 EXPLOITDB HIGH html
MiniCMS 1.10 - Cross-Site Request Forgery in Admin Configuration
There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password.
by zixian
CVSS 8.8
CVE-2018-9106 EXPLOITDB HIGH text VERIFIED
Acyba AcySMS < 3.5.0 - CSV Injection via Export Feature
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export.
by Sureshbabu Narvaneni
CVSS 8.8
CVE-2018-9107 EXPLOITDB HIGH text VERIFIED
Acyba AcyMailing <5.9.6 - CSV Injection
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.
by Sureshbabu Narvaneni
CVSS 8.8
CVE-2018-9032 EXPLOITDB CRITICAL text
D-Link DIR-850L Firmware 1.02-2.06 - Authentication Bypass via SharePort Web Access Portal
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.
by Gem George
CVSS 9.8
CVE-2018-8979 EXPLOITDB HIGH text
Open-audit - Cross-Site Request Forgery
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
by Nilesh Sapariya
CVSS 8.8
CVE-2018-7297 EXPLOITDB CRITICAL ruby
Homematic CCU2 Firmware < 2.29.22 - Unauthenticated Remote Code Execution via TCL Script Interpreter
Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
by Patrick Muench and Gregor Kopf
CVSS 9.8
CVE-2018-7300 EXPLOITDB CRITICAL ruby
Homematic CCU2 Firmware < 2.29.22 - Unauthenticated Path Traversal and Arbitrary File Write via User.setLanguage Method
Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
by Patrick Muench and Gregor Kopf
CVSS 9.8
EIP-2026-100586 EXPLOITDB text
Tenda W316R Wireless Router 5.07.50 - Remote DNS Change
by Todor Donev
CVE-2018-5955 EXPLOITDB CRITICAL ruby VERIFIED
GitStack <2.3.10 - Privilege Escalation
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.
by Metasploit
CVSS 9.8
CVE-2018-1000006 EXPLOITDB HIGH ruby VERIFIED
Electron < 1.7.11 - Remote Code Execution via Protocol Handler
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.
by Metasploit
CVSS 8.8
CVE-2017-8917 EXPLOITDB CRITICAL ruby VERIFIED
Joomla! 3.7.x - SQL Injection
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
by Metasploit
CVSS 9.8
CVE-2018-0171 EXPLOITDB CRITICAL python
Cisco IOS - Remote Code Execution or Denial of Service via Smart Install Message
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.
by embedi
CVSS 9.8
CVE-2018-9148 EXPLOITDB CRITICAL python
Western Digital My Cloud Firmware v04.05.00-320 - Authentication Bypass via Session Token in Filename
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a product that uses My Cloud.
by Sven Fassbender
CVSS 9.8
CVE-2018-0878 EXPLOITDB LOW text VERIFIED
Windows Remote Assistance - Information Disclosure via XML External Entity Processing
Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability".
by Nabeel Ahmed
CVSS 3.1
CVE-2018-8903 EXPLOITDB MEDIUM text
Open-AudIT Professional 2.1 - Stored Cross-Site Scripting via Credentials Name or Description Field
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.
by Nilesh Sapariya
CVSS 5.4
CVE-2018-7203 EXPLOITDB MEDIUM text
Twonky Server 7.0.11-8.5 - Cross-Site Scripting via Friendlyname Parameter
Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all.
by Sven Fassbender
CVSS 6.1