Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-7284 EXPLOITDB HIGH python VERIFIED
Asterisk Buffer Overflow via SUBSCRIBE Request Accept Headers
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.
by EnableSecurity
CVSS 7.5
EIP-2026-102562 EXPLOITDB python VERIFIED
Asterisk chan_pjsip 15.2.0 - 'SDP' Denial of Service
by EnableSecurity
EIP-2026-102561 EXPLOITDB python VERIFIED
Asterisk chan_pjsip 15.2.0 - 'SDP fmtp' Denial of Service
by EnableSecurity
CVE-2018-7286 EXPLOITDB MEDIUM python VERIFIED
Asterisk 13.x-13.19.1, 14.x<14.7.5, 15.x-15.2.1, Certified Asterisk <13.18 - DoS via SIP INVITE
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
by EnableSecurity
CVSS 6.5
EIP-2026-101460 EXPLOITDB
Sony Playstation 4 (PS4) 4.55 - 'Jailbreak' 'setAttributeNodeNS' WebKit 5.02 / 'bpf' Kernel Loader 4.55
by Specter
EIP-2026-101084 EXPLOITDB
Sony Playstation 4 (PS4) 5.01 < 5.05 - WebKit Code Execution (PoC)
by ALEXZZZ9
CVE-2018-5999 EXPLOITDB CRITICAL ruby VERIFIED
AsusWRT <3.0.0.4.384_10007 - Info Disclosure
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
by Metasploit
CVSS 9.8
EIP-2026-118418 EXPLOITDB ruby VERIFIED
Disk Savvy Enterprise 10.4.18 - Stack-Based Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-118417 EXPLOITDB ruby VERIFIED
Disk Savvy Enterprise 10.4.18 - Stack-Based Buffer Overflow (Metasploit)
by Metasploit
CVE-2018-6892 EXPLOITDB CRITICAL ruby VERIFIED
CloudMe Sync < 1.10.9 - Unauthenticated Remote Buffer Overflow via Port 8888
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
by Metasploit
CVSS 9.8
CVE-2018-6000 EXPLOITDB CRITICAL ruby VERIFIED
AsusWRT <3.0.0.4.384_10007 - Privilege Escalation
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.
by Metasploit
CVSS 9.8
EIP-2026-101136 EXPLOITDB c
Sony Playstation 4 (PS4) 4.07 < 4.55 - 'bpf' Local Kernel Code Execution (PoC)
by qwertyoruiop
EIP-2026-100068 EXPLOITDB
Papenmeier WiFi Baby Monitor Free & Lite < 2.02.2 - Remote Audio Record
by iamrastating
CVE-2018-6229 EXPLOITDB CRITICAL text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - SQL Injection via Edit Policy Script
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
by Core Security
CVSS 9.8
CVE-2018-6228 EXPLOITDB CRITICAL text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - SQL Injection via Policy Script
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
by Core Security
CVSS 9.8
CVE-2018-6227 EXPLOITDB MEDIUM text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - Stored Cross-Site Scripting
A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems.
by Core Security
CVSS 5.4
CVE-2018-6226 EXPLOITDB MEDIUM text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - Reflected Cross-Site Scripting in Configuration Files
Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems.
by Core Security
CVSS 5.4
CVE-2018-6225 EXPLOITDB MEDIUM text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - Authenticated XML External Entity Injection
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.
by Core Security
CVSS 4.3
CVE-2018-6224 EXPLOITDB HIGH text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - Cross-Site Request Forgery
A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain.
by Core Security
CVSS 8.8
CVE-2018-6223 EXPLOITDB CRITICAL text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - Unauthenticated Appliance Registration Manipulation
A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.
by Core Security
CVSS 9.8
CVE-2018-6222 EXPLOITDB HIGH text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - OS Command Injection via Log File Location Manipulation
Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.
by Core Security
CVSS 7.8
CVE-2018-6221 EXPLOITDB HIGH text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - Unvalidated Software Update
An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own.
by Core Security
CVSS 8.1
CVE-2018-6220 EXPLOITDB CRITICAL text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - Arbitrary File Write
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.
by Core Security
CVSS 9.8
CVE-2018-6219 EXPLOITDB MEDIUM text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - Insecure Update via HTTP
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.
by Core Security
CVSS 6.5
CVE-2018-6947 EXPLOITDB HIGH python
NoMachine < 6.0.66_2 - Local Privilege Escalation via Uninitialized Stack Variable in nxfuse
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
by Fidus InfoSecurity
CVSS 7.8