Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-0143 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
by Metasploit
CVSS 8.8
CVE-2017-0147 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows - SMBv1 Information Disclosure via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
by Metasploit
CVSS 7.5
CVE-2018-6593 EXPLOITDB HIGH c
MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation via IOCTL 0x8000204C
An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by connecting to the filter communication port and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges.
by Souhail Hammou
CVSS 7.8
CVE-2017-14521 EXPLOITDB HIGH text VERIFIED
WonderCMS 2.3.1 - Unrestricted Upload of File with Dangerous Type
In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload.
by Samrat Das
CVSS 8.8
CVE-2017-14523 EXPLOITDB HIGH text
WonderCMS 2.3.1 - HTTP Host Header Injection
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack
by Samrat Das
CVSS 7.5
EIP-2026-112452 EXPLOITDB text
Student Profile Management System Script 2.0.6 - Authentication Bypass
by L0RD
CVE-2018-6180 EXPLOITDB CRITICAL python
Online Voting System 1.0 - Info Disclosure
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.
by Giulio Comi
CVSS 9.8
EIP-2026-109941 EXPLOITDB text
NixCMS 1.0 - 'category_id' SQL Injection
by Bora Bozdogan
EIP-2026-109342 EXPLOITDB text
Matrimonial Website Script 2.1.6 - 'uid' SQL Injection
by L0RD
CVE-2018-6604 EXPLOITDB CRITICAL html
Zh YandexMap 6.2.1.0 - SQL Injection via id Parameter
SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6582 EXPLOITDB CRITICAL text
Zh GoogleMap 8.4.0.0 - SQL Injection via id Parameter
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6605 EXPLOITDB CRITICAL text
Zh BaiduMap 3.0.0.1 - SQL Injection via id Parameter
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6609 EXPLOITDB CRITICAL text
jsp_tickets 1.1 - SQL Injection via Ticketcode or ID Parameter
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6610 EXPLOITDB HIGH php
jlike 1.0 - Exposure of Sensitive Information via task Parameter
Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId request.
by Ihsan Sencan
CVSS 7.5
CVE-2018-6389 EXPLOITDB HIGH python
WordPress < 4.9.2 - Unauthenticated Denial of Service via Repeated JavaScript File Loading
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
by Barak Tawily
CVSS 7.5
CVE-2017-12542 EXPLOITDB CRITICAL python
HP Integrated Lights-Out 4 Firmware < 2.53 - Authentication Bypass and Remote Code Execution
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
by skelsec
CVSS 10.0
CVE-2018-6317 EXPLOITDB CRITICAL text
Claymore Dual Miner < 10.5 - Unauthenticated Format String Vulnerability
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
by res1n
CVSS 9.1
CVE-2015-1318 EXPLOITDB ruby VERIFIED
Apport <2.17.1 - Privilege Escalation
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
by Metasploit
CVE-2018-6190 EXPLOITDB MEDIUM text
Netis WF2419 V3.2.41381 - Stored Cross-Site Scripting via MAC Filtering Description Field
Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.
by Sajibe Kanti
CVSS 5.4
CVE-2018-0743 EXPLOITDB HIGH c VERIFIED
Windows Subsystem for Linux <1709 - Privilege Escalation
Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".
by Saar Amar
CVSS 7.0
EIP-2026-111703 EXPLOITDB text
Real Estate Custom Script - 'route' SQL Injection
by 8bitsec
CVE-2018-6581 EXPLOITDB CRITICAL text
jms_music 1.1.1 - SQL Injection via Search Parameter
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6580 EXPLOITDB CRITICAL text
Jimtawl 2.1.6 and 2.2.5 - Unrestricted File Upload via Component Request
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6579 EXPLOITDB CRITICAL text
JEXTN Reverse Auction 3.1.0 - SQL Injection via view=products&uid= Parameter
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6577 EXPLOITDB CRITICAL html
JEXTN Membership 3.1.0 - SQL Injection via usr_plan Parameter
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
by Ihsan Sencan
CVSS 9.8