Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-111327 EXPLOITDB text
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
by Touhid M.Shaikh
CVE-2019-12765 EXPLOITDB CRITICAL python
Joomla! 3.9.0-3.9.6 - CSV Injection in com_actionlogs Export
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
by i4bdullah
CVSS 9.8
CVE-2020-8866 EXPLOITDB MEDIUM python
Horde Groupware Webmail Edition 5.2.22 - RCE
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.
by Andrea Cardaci
CVSS 6.5
CVE-2020-14930 EXPLOITDB HIGH text
BT CTROMS Terminal OS Port Portal CT-464 - Info Disclosure
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.
by AkkuS
CVSS 8.1
EIP-2026-114559 EXPLOITDB text
YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting
by En_dust
CVE-2020-15468 EXPLOITDB CRITICAL text
Persian VIP Download Script 1.0 - SQL Injection via cart_edit.php active parameter
Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter.
by Amir Hossein Vafifar
CVSS 9.8
CVE-2020-8518 EXPLOITDB CRITICAL bash
Horde Groupware Webmail Edition <5.2.22 - Code Injection
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
by Andrea Cardaci
CVSS 9.8
EIP-2026-104762 EXPLOITDB ruby VERIFIED
PHPStudy - Backdoor Remote Code Execution (Metasploit)
by Metasploit
CVE-2019-15949 EXPLOITDB HIGH ruby VERIFIED
Nagios XI < 5.6.6 - Authenticated Remote Command Execution via getprofile.sh
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.
by Metasploit
CVSS 8.8
EIP-2026-102429 EXPLOITDB text
Sysaid 20.1.11 b26 - Remote Command Execution
by Ahmed Sherif
CVE-2020-37111 EXPLOITDB MEDIUM text
60CycleCMS 2.5.2 - Cross-Site Scripting via news.php GET Parameters
60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victims' browsers. This issue does not involve SQL injection.
by Unkn0wn
CVSS 6.1
CVE-2020-37110 EXPLOITDB HIGH text
60CycleCMS 2.5.2 - SQL Injection via News Title Parameter
60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modify database contents. This issue does not involve cross-site scripting.
by Unkn0wn
CVSS 8.2
CVE-2020-10218 EXPLOITDB MEDIUM text
Sapplica Sentrifugo 3.2 - Blind SQL Injection via HolidaydatesController addAction Function
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.
by minhnb
CVSS 6.5
CVE-2015-1830 EXPLOITDB ruby VERIFIED
Apache ActiveMQ 5.x-5.11.1 Directory Traversal Shell Upload
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
by Metasploit
CVE-2019-11043 EXPLOITDB HIGH ruby VERIFIED
PHP 7.1.x < 7.1.33, 7.2.x < 7.2.24, 7.3.x < 7.3.11 - Remote Code Execution via FPM Buffer Overflow
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11, in certain configurations of the FPM setup, it is possible to cause the FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
by Metasploit
CVSS 8.7
CVE-2020-6418 EXPLOITDB HIGH ruby VERIFIED
Google Chrome <80.0.3987.122 - Heap Corruption
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by Metasploit
CVSS 8.8
CVE-2019-5825 EXPLOITDB MEDIUM ruby VERIFIED
Google Chrome < 73.0.3683.86 - Out-of-bounds Write via JavaScript Array.map
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by Metasploit
CVSS 6.5
CVE-2018-17463 EXPLOITDB HIGH ruby VERIFIED
Google Chrome < 70.0.3538.64 - Remote Code Execution via V8 Side Effect Annotation
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
by Metasploit
CVSS 8.8
EIP-2026-103770 EXPLOITDB text
Counter Strike: GO - '.bsp' Memory Control (PoC)
by 0day enthusiast
CVE-2020-8794 EXPLOITDB CRITICAL ruby VERIFIED
OpenSMTPD OOB Read Local Privilege Escalation
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
by Metasploit
CVSS 9.8
CVE-2020-37055 EXPLOITDB HIGH text
SpyHunter 4 - Unquoted Service Path Privilege Escalation
SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during service startup.
by Alejandro Reyes
CVSS 7.8
CVE-2020-37048 EXPLOITDB HIGH text
Iskysoft Application Framework Service 2.4.3.241 - Code Injection
Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions.
by Alejandro Reyes
CVSS 7.8
CVE-2020-37047 EXPLOITDB HIGH text
Deep Instinct Windows Agent 1.2.29.0 - Privilege Escalation
Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
by Oscar Flores
CVSS 7.8
EIP-2026-116821 EXPLOITDB text
ASUS GiftBox Desktop 1.1.1.127 - 'ASUSGiftBoxDesktop' Unquoted Service Path
by Oscar Flores