Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-19363 EXPLOITDB HIGH c
Ricoh Printer Drivers - Local Privilege Escalation via Incorrect Permission Assignment
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version
by pentagrid
CVSS 7.8
CVE-2019-0604 EXPLOITDB CRITICAL python
Microsoft SharePoint - Remote Code Execution via Application Package Source Markup
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
by Voulnet
CVSS 9.8
EIP-2026-117672 EXPLOITDB text
NEOWISE CARBONFTP 1.4 - Weak Password Encryption
by hyp3rlinx
EIP-2026-102405 EXPLOITDB text
ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection
by Ertebat Gostar Co
CVE-2020-7991 EXPLOITDB HIGH text
Adive Framework 2.0.8 - Cross-Site Request Forgery in Admin Config
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
by Sarthak Saini
CVSS 8.8
CVE-2020-7990 EXPLOITDB MEDIUM text
Adive Framework 2.0.8 - Stored Cross-Site Scripting via User Add Function
Adive Framework 2.0.8 has admin/user/add userName XSS.
by Sarthak Saini
CVSS 6.1
CVE-2020-7989 EXPLOITDB MEDIUM text
Adive Framework 2.0.8 - Stored Cross-Site Scripting via userUsername Parameter
Adive Framework 2.0.8 has admin/user/add userUsername XSS.
by Sarthak Saini
CVSS 6.1
CVE-2019-19031 EXPLOITDB HIGH text
Easy XML Editor <1.7.8 - XML External Entity Injection
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.
by Javier Olmedo
CVSS 8.1
EIP-2026-116369 EXPLOITDB python
Sysax Multi Server 5.50 - Denial of Service (PoC)
by Shailesh Kumavat
CVE-2019-16405 EXPLOITDB HIGH ruby
Centreon Web , 18.10.x , 19.04.x , 19.10.x <2.8.30 <18.10.8 <19.04.5 - Remote Code Execution
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.
by TheCyberGeek
CVSS 7.2
CVE-2020-37255 EXPLOITDB HIGH python
WordPress Time Capsule Plugin 1.21.16 Authentication Bypass
WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by sending a crafted POST request with the IWP_JSON_PREFIX header. Attackers can exploit this flaw to obtain valid administrator session cookies and access the WordPress dashboard without providing credentials.
by B. Canavate
CVSS 7.5
CVE-2020-37181 EXPLOITDB CRITICAL python
Torrent FLV Converter <1.51 Build 117 - Buffer Overflow
Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially execute arbitrary code on vulnerable Windows 32-bit systems.
by antonio
CVSS 9.8
CVE-2020-37180 EXPLOITDB HIGH python VERIFIED
Nsasoft Nsauditor GTalk Password Finder 2.2.1 - Denial of Service via Oversized Registration Key
GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37179 EXPLOITDB HIGH python
APKF Product Key Finder <2.5.8.0 - DoS
APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
EIP-2026-118026 EXPLOITDB text
Trend Micro Maximum Security 2019 - Privilege Escalation
by hyp3rlinx
EIP-2026-118025 EXPLOITDB text
Trend Micro Maximum Security 2019 - Arbitrary Code Execution
by hyp3rlinx
CVE-2019-15742 EXPLOITDB HIGH ruby VERIFIED
Poly Plantronics Hub <3.14 - Privilege Escalation
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.
by Metasploit
CVSS 7.8
EIP-2026-113832 EXPLOITDB python
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
by Raphael Karger
EIP-2026-114738 EXPLOITDB c
SunOS 5.10 Generic_147148-26 - Local Privilege Escalation
by Marco Ivaldi
CVE-2019-20204 EXPLOITDB MEDIUM text
Postie < 1.9.40 - Cross-Site Scripting via SVG Element
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.
by V1n1v131r4
CVSS 5.4
EIP-2026-111824 EXPLOITDB text
Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection
by Fatih Çelik
EIP-2026-111823 EXPLOITDB text
Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection
by Fatih Çelik
EIP-2026-111822 EXPLOITDB text
Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection
by Fatih Çelik
EIP-2026-110062 EXPLOITDB text
Online Book Store 1.0 - Arbitrary File Upload
by Or4nG.M4N
CVE-2019-19781 EXPLOITDB CRITICAL text
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by Dhiraj Mishra
CVSS 9.8