Exploitdb Exploits

4,724 exploits tracked across all sources.

EIP-2026-116299 EXPLOITDB python
SpotAuditor 5.3.2 - 'Key' Denial of Service
by ZwX
EIP-2026-116298 EXPLOITDB python
SpotAuditor 5.3.2 - 'Key' Denial of Service
by ZwX
CVE-2019-25339 EXPLOITDB HIGH python
GHIA CamIP 1.2 - DoS
GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices.
by Ivan Marmolejo
CVSS 7.5
CVE-2017-12945 EXPLOITDB HIGH python
Mersive Solstice Firmware < 2.8.4 - OS Command Injection
Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root.
by Alexandre Teyar
CVSS 8.8
CVE-2019-25340 EXPLOITDB HIGH python
SpotAuditor 5.3.2 - DoS
SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted into the Base64 Encrypted Password field.
by ZwX
CVSS 7.5
CVE-2019-25336 EXPLOITDB HIGH python
SpotAuditor 5.3.2 - Buffer Overflow
SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system.
by ZwX
CVSS 8.4
EIP-2026-115639 EXPLOITDB python
Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC)
by ZwX
CVE-2019-25341 EXPLOITDB HIGH python
iNetTools for iOS 8.20 - DoS
iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash.
by Ivan Marmolejo
CVSS 7.5
EIP-2026-115433 EXPLOITDB python
InduSoft Web Studio 8.1 SP1 - _Atributos_ Denial of Service (PoC)
by chuyreds
CVE-2019-19489 EXPLOITDB MEDIUM python
SMPlayer 19.5.0 - Buffer Overflow
SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.
by Malav Vyas
CVSS 5.5
EIP-2026-115447 EXPLOITDB python
InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)
by chuyreds
CVE-2019-25350 EXPLOITDB HIGH python
XMedia Recode 3.4.8.6 - DoS
XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an application crash when the file is opened.
by ZwX
CVSS 7.5
CVE-2019-25349 EXPLOITDB HIGH python
ScadaApp iOS 1.1.4.0 - DoS
ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices.
by Luis Martínez
CVSS 7.5
CVE-2019-25326 EXPLOITDB MEDIUM python
ipPulse 1.92 - DoS
ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious content.
by Diego Armando Buztamante Rico
CVSS 6.2
CVE-2019-0708 EXPLOITDB CRITICAL python
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by 0xeb-bp
CVSS 9.8
CVE-2019-25353 EXPLOITDB HIGH python
Foscam VMS 1.1.4.9 - DoS
Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login.
by chuyreds
CVSS 7.5
CVE-2019-17424 EXPLOITDB HIGH python
Nipper-ng - Out-of-Bounds Write
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.
by Guy Levin
CVSS 7.8
EIP-2026-102177 EXPLOITDB python
Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)
by Luis Martínez
CVE-2019-12489 EXPLOITDB CRITICAL python
Fastweb Askey Rtv1907vw Firmware - OS Command Injection
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.
by Riccardo Gasparini
CVSS 9.8
EIP-2026-102033 EXPLOITDB python
Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting
by Luis Santana
EIP-2026-101833 EXPLOITDB python
Linear eMerge E3 1.00-06 - Remote Code Execution
by LiquidWorm
CVE-2019-25357 EXPLOITDB HIGH python
Control Center PRO 6.2.9 - Buffer Overflow
Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite the Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute arbitrary code on vulnerable Windows systems.
by sasaga92
CVSS 8.4
CVE-2019-3398 EXPLOITDB HIGH python
Atlassian Confluence Server < 6.6.13 - Path Traversal
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.
by max7253
CVSS 8.8
CVE-2019-7670 EXPLOITDB HIGH python
Prima Systems FlexAir <2.3.38 - Command Injection
Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system.
by LiquidWorm
CVSS 7.2
CVE-2019-7276 EXPLOITDB CRITICAL python
Optergy Proton/Enterprise - RCE
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
by LiquidWorm
CVSS 9.8