Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-12707 EXPLOITDB MEDIUM text
LeptonCMS 4.5.0 - Stored Cross-Site Scripting via Event Handler Injection
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.
by SunCSR
CVSS 6.1
EIP-2026-108660 EXPLOITDB text
Joomla! Component GMapFP 3.30 - Arbitrary File Upload
by ThelastVvV
CVE-2020-15261 EXPLOITDB HIGH text
Veyon Service <4.4.2 - Privilege Escalation
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
by Víctor García
CVSS 8.0
CVE-2020-10385 EXPLOITDB MEDIUM text
WPForms Contact Form < 1.5.9 - Stored Cross-Site Scripting
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.
by Jinson Varghese Behanan
CVSS 5.4
CVE-2020-12704 EXPLOITDB MEDIUM text
UliCMS < 2020.2 - Stored Cross-Site Scripting in PageController
UliCMS before 2020.2 has PageController stored XSS.
by SunCSR
CVSS 6.1
CVE-2020-5722 EXPLOITDB CRITICAL python
Grandstream UCM6200 <1.0.19.20 - SQL Injection
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.
by Jacob Baines
CVSS 9.8
CVE-2020-37218 EXPLOITDB HIGH text
Joomla com_hdwplayer 4.2 SQL Injection via search.php
Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the hdwplayersearch parameter to extract sensitive database information from the hdwplayer_videos table.
by qw3rTyTy
CVSS 8.2
CVE-2020-37143 EXPLOITDB HIGH python
ProficySCADA for iOS <5.0.25920 - DoS
ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful authentication.
by Ivan Marmolejo
CVSS 7.5
CVE-2020-36905 EXPLOITDB HIGH text
FIBARO System Home Center 5.021 - RCE
FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or manipulate page content.
by LiquidWorm
CVSS 7.5
EIP-2026-115355 EXPLOITDB text
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
by Cem Onat Karagun
EIP-2026-113965 EXPLOITDB text
Wordpress Plugin PicUploader 1.0 - Remote File Upload
by Milad karimi
CVE-2020-10879 EXPLOITDB CRITICAL python
rconfig < 3.9.5 - OS Command Injection via nodeId Parameter
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
by Matthew Aberegg
CVSS 9.8
EIP-2026-103888 EXPLOITDB text
CyberArk PSMP 10.9.1 - Policy Restriction Bypass
by LAHBAL Said
EIP-2026-101140 EXPLOITDB c
Sony Playstation 4 (PS4) < 7.02 / FreeBSD 9 / FreeBSD 12 - 'ip6_setpktopt' Kernel Local Privilege Escalation (PoC)
by TheFloW
CVE-2020-37144 EXPLOITDB MEDIUM text
Exagate Sysguard 6001 - Cross-Site Request Forgery via /kulyon.php Admin Account Creation
Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without the victim's consent.
by Metin Yunus Kandemir
CVSS 5.3
CVE-2020-3950 EXPLOITDB HIGH bash VERIFIED
VMware Fusion <11.5.2 - Privilege Escalation
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
by Rich Mirch
CVSS 7.8
CVE-2020-37045 EXPLOITDB HIGH text
Veritas NetBackup 7.0 - Code Injection
Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges.
by El Masas
CVSS 7.8
CVE-2020-10364 EXPLOITDB HIGH text
MikroTik RouterOS <= 6.44.3 - Denial of Service via SSH Daemon Resource Exhaustion
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
by FarazPajohan
CVSS 7.5
CVE-2020-20021 EXPLOITDB HIGH text
MikroTik RouterOS < 6.46.3 - Denial of Service via SSH Daemon Misconfiguration
An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.
by FarazPajohan
CVSS 7.5
EIP-2026-108193 EXPLOITDB text
Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload
by qw3rTyTy
CVE-2019-15126 EXPLOITDB LOW python
Apple Ipados < 13.2 - TOCTOU Race Condition
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
by Maurizio S
CVSS 3.1
EIP-2026-101891 EXPLOITDB text
Netlink GPON Router 1.0.11 - Remote Code Execution
by shellord
EIP-2026-112842 EXPLOITDB text
UADMIN Botnet 1.0 - 'link' SQL Injection
by n4pst3r
CVE-2020-10189 EXPLOITDB CRITICAL ruby VERIFIED
ManageEngine Desktop Central < 10.0.479 - Remote Code Execution via Java Deserialization in FileStorage
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
by Metasploit
CVSS 9.8
EIP-2026-103783 EXPLOITDB
Microsoft VSCode Python Extension - Code Execution
by Doyensec