Exploitdb Exploits

49,996 exploits tracked across all sources.

CVE-2017-13236 EXPLOITDB HIGH text VERIFIED
Google Android - Incorrect Permission Assignment
In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699.
by Google Security Research
CVSS 7.8
EIP-2026-103782 EXPLOITDB html
Marked2 - Local File Disclosure
by Corben Leo
CVE-2018-25220 EXPLOITDB CRITICAL python
Bochs 2.6-5 Buffer Overflow Remote Code Execution
Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges.
by Juan Sacco
CVSS 9.8
CVE-2017-0146 EXPLOITDB HIGH ruby VERIFIED
Microsoft Server Message Block < 4.0e - Remote Code Execution
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.
by Metasploit
CVSS 8.8
CVE-2017-0143 EXPLOITDB HIGH ruby VERIFIED
Microsoft Server Message Block < 4.0e - Remote Code Execution
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
by Metasploit
CVSS 8.8
CVE-2017-0147 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows 10 1507 < 4.0e - Information Disclosure
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
by Metasploit
CVSS 7.5
CVE-2018-6593 EXPLOITDB HIGH c
Malwarefox Antimalware - Incorrect Permission Assignment
An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by connecting to the filter communication port and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges.
by Souhail Hammou
CVSS 7.8
CVE-2017-14521 EXPLOITDB HIGH text VERIFIED
WonderCMS 2.3.1 - Code Injection
In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload.
by Samrat Das
CVSS 8.8
CVE-2017-14523 EXPLOITDB HIGH text
WonderCMS 2.3.1 - SSRF
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack.
by Samrat Das
CVSS 7.5
EIP-2026-112452 EXPLOITDB text
Student Profile Management System Script 2.0.6 - Authentication Bypass
by L0RD
CVE-2018-6180 EXPLOITDB CRITICAL python
Online Voting System 1.0 - Info Disclosure
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.
by Giulio Comi
CVSS 9.8
EIP-2026-109941 EXPLOITDB text
NixCMS 1.0 - 'category_id' SQL Injection
by Bora Bozdogan
EIP-2026-109342 EXPLOITDB text
Matrimonial Website Script 2.1.6 - 'uid' SQL Injection
by L0RD
CVE-2018-6604 EXPLOITDB CRITICAL html
ZH Yandexmap - SQL Injection
SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6582 EXPLOITDB CRITICAL text
ZH Googlemap - SQL Injection
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6605 EXPLOITDB CRITICAL text
ZH Baidumap - SQL Injection
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6609 EXPLOITDB CRITICAL text
Jsp Tickets - SQL Injection
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6610 EXPLOITDB HIGH php
Jlike - Information Disclosure
Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId request.
by Ihsan Sencan
CVSS 7.5
CVE-2018-6389 EXPLOITDB HIGH python
WordPress < 4.9.2 - Denial of Service
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
by Barak Tawily
CVSS 7.5
CVE-2017-12542 EXPLOITDB CRITICAL python
HP Integrated Lights-out 4 Firmware < 2.53 - Authentication Bypass
An authentication bypass and code execution vulnerability was found in HPE Integrated Lights-out 4 (iLO 4) versions prior to 2.53.
by skelsec
CVSS 10.0
CVE-2018-6317 EXPLOITDB CRITICAL text
Claymore Dual Miner < 10.5 - Format String Vulnerability
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
by res1n
CVSS 9.1
CVE-2015-1318 EXPLOITDB ruby VERIFIED
Apport <2.17.1 - Privilege Escalation
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
by Metasploit
CVE-2018-6190 EXPLOITDB MEDIUM text
Netis WF2419 V3.2.41381 - XSS
Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.
by Sajibe Kanti
CVSS 5.4
CVE-2018-0743 EXPLOITDB HIGH c VERIFIED
Windows Subsystem for Linux <1709 - Privilege Escalation
Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".
by Saar Amar
CVSS 7.0
EIP-2026-111703 EXPLOITDB text
Real Estate Custom Script - 'route' SQL Injection
by 8bitsec