Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2020-8495 EXPLOITDB HIGH python
Kronos Web Time and Attendance <4.0 - Privilege Escalation
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters.
by nxkennedy
CVSS 7.5
EIP-2026-102110 EXPLOITDB ruby
Wago PFC200 - Authenticated Remote Code Execution (Metasploit)
by 0x483d
EIP-2026-101299 EXPLOITDB c
HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account
by Snawoot
EIP-2026-105781 EXPLOITDB ruby
Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit)
by mekhalleh
EIP-2026-103279 EXPLOITDB python
F-Secure Internet Gatekeeper 5.40 - Heap Overflow (PoC)
by Kevin Joensen
CVE-2019-18634 EXPLOITDB HIGH text
sudo 1.7.1-1.8.25 - Stack-based Buffer Overflow via pwfeedback
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
by Joe Vennix
CVSS 7.8
CVE-2020-37175 EXPLOITDB HIGH python
P2PWIFICAM2 for iOS 10.4.1 - Denial of Service via Camera ID Input Buffer Overflow
P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices.
by Ivan Marmolejo
CVSS 7.5
CVE-2020-8504 EXPLOITDB MEDIUM text
arox School Management Software PHP/mySQL < 2019-03-14 - Cross-Site Request Forgery via Add Admin Action
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.
by J3rryBl4nks
CVSS 6.5
CVE-2020-8547 EXPLOITDB CRITICAL php
phplist 3.5.0 - Unauthenticated Admin Login Bypass via Password Hash Type Juggling
phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
by Suvadip Kar
CVSS 9.8
CVE-2020-8512 EXPLOITDB MEDIUM text
IceWarp Webmail Server <11.4.4.1 - XSS
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
by Lutfu Mert Ceylan
CVSS 6.1
CVE-2020-8813 EXPLOITDB HIGH python
Cacti 1.2.8 - Authenticated Remote Code Execution via Cookie Shell Metacharacter Injection
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
by Askar
CVSS 8.8
CVE-2020-8416 EXPLOITDB HIGH
BearFTP < 0.2.0 - Denial of Service via PASV Mode Connection Flood
IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port.
by kolya5544
CVSS 7.5
CVE-2019-8449 EXPLOITDB MEDIUM python
Jira < 8.4.0 - Information Disclosure via Group User Picker Endpoint
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
by Mufeed VH
CVSS 5.3
CVE-2018-7777 EXPLOITDB HIGH python
Schneider Electric U.motion Builder <1.3.4 - RCE
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.
by Cosmin Craciun
CVSS 8.8
CVE-2020-8641 EXPLOITDB HIGH text
Lotus Core CMS 1.0.1 - Path Traversal
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.
by Daniel Monzón
CVSS 8.8
CVE-2019-25313 EXPLOITDB MEDIUM text
FlexNet Publisher 11.12.1 - Cross-Site Request Forgery to Add Local Admin
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a request that creates a new local admin account with a predefined password.
by Ismail Tasdelen
CVSS 4.0
EIP-2026-117571 EXPLOITDB text
Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution
by Eduardo Braun Prado
CVE-2019-19509 EXPLOITDB HIGH python VERIFIED
rConfig 3.9.3 - Authenticated OS Command Injection via ajaxArchiveFiles.php Path Parameter
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
by vikingfr
CVSS 8.8
EIP-2026-104705 EXPLOITDB php
PHP 7.0 < 7.4 (Unix) - 'debug_backtrace' disable_functions Bypass
by mm0r1
CVE-2020-7247 EXPLOITDB CRITICAL python VERIFIED
OpenSMTPD 6.6 - Remote Code Execution via MAIL FROM Field
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
by 1F98D
CVSS 9.8
EIP-2026-119386 EXPLOITDB text
Kibana 6.6.1 - CSV Injection
by Aamir Rehman
CVE-2019-19032 EXPLOITDB HIGH text
XMLBlueprint <16.191112 - XML External Entity Injection
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload.
by Javier Olmedo
CVSS 8.1
CVE-2018-8413 EXPLOITDB HIGH c
Windows Theme API - Remote Code Execution via File Decompression
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Eduardo Braun Prado
CVSS 7.8
CVE-2020-8425 EXPLOITDB MEDIUM text
Cups Easy (Purchase & Inventory) 1.0 - CSRF
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php.
by J3rryBl4nks
CVSS 6.5