Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-0837 EXPLOITDB HIGH javascript VERIFIED
ChakraCore - Remote Code Execution via Memory Corruption in Scripting Engine
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
by Google Security Research
CVSS 7.5
CVE-2018-0770 EXPLOITDB HIGH text VERIFIED
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
by Google Security Research
CVSS 7.5
CVE-2018-0835 EXPLOITDB HIGH javascript VERIFIED
ChakraCore < 1.8.1 - Remote Code Execution via Memory Corruption in Scripting Engine
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
by Google Security Research
CVSS 7.5
EIP-2026-103626 EXPLOITDB text VERIFIED
Pdfium - Pattern Shading Integer Overflows
by Google Security Research
EIP-2026-103625 EXPLOITDB text VERIFIED
Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace
by Google Security Research
EIP-2026-103432 EXPLOITDB javascript VERIFIED
Chrome V8 - 'Runtime_RegExpReplace' Integer Overflow
by Google Security Research
CVE-2018-1204 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon OneFS Path Traversal in isi_phone_home
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.
by Core Security
CVSS 6.7
CVE-2018-1203 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon OneFS 8.0.0.0-8.0.0.6 - Privilege Escalation via Sudo tcpdump
In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.
by Core Security
CVSS 6.7
CVE-2018-1202 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon 7.1.1.11 8.0.0.0-8.0.0.6 8.0.1.0-8.0.1.2 8.1.0.0-8.1.0.1 - Cross-Site Scripting in NDMP Page
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1201 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon 7.1.1.11, 7.2.1.x, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.1 XSS in Job Operations
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1189 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon 7.1.1.11-8.1.0.1 Cross-Site Scripting in Antivirus Page
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1188 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon 7.2.1.0-7.2.1.5, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.1 XSS in Authorization Providers
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1187 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon 8.0.0.0-8.0.0.6 - Cross-Site Scripting in Network Configuration Page
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1186 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon 7.1.1.11-8.1.0.1 Stored XSS in Cluster Description
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-6940 EXPLOITDB MEDIUM text
nat32 - Remote Code Execution via /shell?cmd= XSS and CSRF
A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF.
by hyp3rlinx
CVSS 6.1
CVE-2018-6941 EXPLOITDB HIGH text
nat32 v2.2 Build 22284 - Cross-Site Request Forgery via /shell?cmd= Endpoint
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.
by hyp3rlinx
CVSS 8.8
CVE-2018-6323 EXPLOITDB HIGH python
GNU Binutils - Integer Overflow in elf_object_p
The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
by r4xis
CVSS 7.8
EIP-2026-112934 EXPLOITDB text
userSpice 4.3 - Cross-Site Scripting
by Dolev Farhi
EIP-2026-112296 EXPLOITDB text
Social Oauth Login PHP - Authentication Bypass
by L0RD
EIP-2026-112280 EXPLOITDB text
SOA School Management - 'access_login' SQL Injection
by L0RD
CVE-2018-1213 EXPLOITDB HIGH text VERIFIED
Dell EMC Isilon OneFS CSRF (7.1.1.11, 7.2.1.0-7.2.1.5, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.2)
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
by Core Security
CVSS 8.8
CVE-2018-5767 EXPLOITDB CRITICAL python
Tenda AC15 <V15.03.1.16_multi - RCE
An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
by Tim Carrington
CVSS 9.8
CVE-2018-6928 EXPLOITDB CRITICAL text
News Website Script 2.0.4 - SQL Injection via Search Term
PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.
by Varun Bagaria
CVSS 9.8
CVE-2018-6892 EXPLOITDB CRITICAL python VERIFIED
CloudMe Sync < 1.10.9 - Unauthenticated Remote Buffer Overflow via Port 8888
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
by hyp3rlinx
CVSS 9.8
CVE-2018-6911 EXPLOITDB CRITICAL html
Advantech WebAccess 8.3.0 - Remote Code Execution via VBWinExec Command Parameter
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
by Nassim Asrir
CVSS 9.8