Exploitdb Exploits

49,996 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-0860 EXPLOITDB HIGH javascript VERIFIED
Microsoft Edge < 1.8.1 - Out-of-Bounds Write
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866.
by Google Security Research
CVSS 7.5
CVE-2018-0840 EXPLOITDB HIGH javascript VERIFIED
Microsoft Internet Explorer - Out-of-Bounds Write
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
by Google Security Research
CVSS 7.5
CVE-2018-0834 EXPLOITDB HIGH javascript VERIFIED
Microsoft Chakracore < 1.8.1 - Out-of-Bounds Write
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
by Google Security Research
CVSS 7.5
CVE-2018-0838 EXPLOITDB HIGH javascript VERIFIED
Microsoft Chakracore < 1.8.1 - Out-of-Bounds Write
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
by Google Security Research
CVSS 7.5
CVE-2018-0837 EXPLOITDB HIGH javascript VERIFIED
Microsoft Chakracore < 1.8.1 - Out-of-Bounds Write
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
by Google Security Research
CVSS 7.5
CVE-2018-0770 EXPLOITDB HIGH text VERIFIED
Microsoft Edge < 1.7.6 - Out-of-Bounds Write
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
by Google Security Research
CVSS 7.5
CVE-2018-0835 EXPLOITDB HIGH javascript VERIFIED
Microsoft Chakracore < 1.8.1 - Out-of-Bounds Write
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
by Google Security Research
CVSS 7.5
EIP-2026-103626 EXPLOITDB text VERIFIED
Pdfium - Pattern Shading Integer Overflows
by Google Security Research
EIP-2026-103625 EXPLOITDB text VERIFIED
Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace
by Google Security Research
EIP-2026-103432 EXPLOITDB javascript VERIFIED
Chrome V8 - 'Runtime_RegExpReplace' Integer Overflow
by Google Security Research
CVE-2018-1204 EXPLOITDB MEDIUM text VERIFIED
Dell Emc Isilon Onefs < 7.2.1.6 - Path Traversal
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.
by Core Security
CVSS 6.7
CVE-2018-1203 EXPLOITDB MEDIUM text VERIFIED
Dell Emc Isilon Onefs < 8.0.0.6 - Incorrect Permission Assignment
In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.
by Core Security
CVSS 6.7
CVE-2018-1202 EXPLOITDB MEDIUM text VERIFIED
Dell Emc Isilon < 8.0.0.6 - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1201 EXPLOITDB MEDIUM text VERIFIED
Dell Emc Isilon < 8.0.0.6 - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1189 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1188 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1187 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1186 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-6940 EXPLOITDB MEDIUM text
Nat32 - CSRF
A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF.
by hyp3rlinx
CVSS 6.1
CVE-2018-6941 EXPLOITDB HIGH text
Nat32 - CSRF
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.
by hyp3rlinx
CVSS 8.8
CVE-2018-6323 EXPLOITDB HIGH python
GNU Binutils - Integer Overflow
The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
by r4xis
CVSS 7.8
EIP-2026-112934 EXPLOITDB text
userSpice 4.3 - Cross-Site Scripting
by Dolev Farhi
EIP-2026-112296 EXPLOITDB text
Social Oauth Login PHP - Authentication Bypass
by L0RD
EIP-2026-112280 EXPLOITDB text
SOA School Management - 'access_login' SQL Injection
by L0RD
CVE-2018-1213 EXPLOITDB HIGH text VERIFIED
Dell Emc Isilon Onefs < 7.2.1.6 - CSRF
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
by Core Security
CVSS 8.8
By Source
All 49,996 Writeup 60,146 Exploitdb 49,996 Nomisec 21,657 Metasploit 3,219 Github 2,561 Vulncheck_xdb 905 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,337 python 5,938 ruby 5,908 c 3,565 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 90 go 55 postscript 25 xml 24