Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25327 EXPLOITDB CRITICAL python
Prime95 29.8 build 6 - Remote Code Execution via User ID Input Field
Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110.
by stresser
CVSS 9.8
EIP-2026-118587 EXPLOITDB text
FreeSWITCH 1.10.1 - Command Execution
by 1F98D
EIP-2026-115787 EXPLOITDB c
Microsoft Windows 10 BasicRender.sys - Denial of Service (PoC)
by vportal
EIP-2026-111155 EXPLOITDB text
phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting
by Chris Inzinga
CVE-2019-25330 EXPLOITDB HIGH python
SurfOffline Professional 2.2.0.103 - Buffer Overflow
SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to trigger a denial of service condition and overwrite SEH registers.
by Chris Inzinga
CVSS 7.5
CVE-2019-25329 EXPLOITDB HIGH python
FTP Navigator < 8.03 - Denial of Service via Custom Command Input
FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler (SEH) with malicious input. Attackers can generate a payload of 4108 'A' characters followed by 4 'B' characters and 40 'C' characters to trigger a program crash when pasted into the custom command input.
by Chris Inzinga
CVSS 7.5
CVE-2019-25321 EXPLOITDB CRITICAL python
FTP Navigator 8.03 - Stack-based Buffer Overflow via Custom Command Textbox
FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remote code execution and launching the calculator as proof of concept.
by Chris Inzinga
CVSS 9.8
EIP-2026-101669 EXPLOITDB text
Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation
by Vulnerability-Lab
CVE-2019-25331 EXPLOITDB HIGH python
AVS Audio Converter 9.1 - Buffer Overflow
AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to compromise the application and potentially execute arbitrary code.
by ZwX
CVSS 8.4
CVE-2019-25318 EXPLOITDB HIGH python
AVS Audio Converter <9.1.2.600 - Code Injection
AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked.
by ZwX
CVSS 8.8
EIP-2026-119443 EXPLOITDB text
Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)
by Ismail Tasdelen
EIP-2026-116625 EXPLOITDB python
XnView 2.49.1 - 'Research' Denial of Service (PoC)
by ZwX
EIP-2026-103365 EXPLOITDB text VERIFIED
macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()
by Google Security Research
CVE-2018-19276 EXPLOITDB CRITICAL ruby VERIFIED
OpenMRS Java Deserialization RCE
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
by Metasploit
CVSS 9.8
EIP-2026-102123 EXPLOITDB text
Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
CVE-2019-18935 EXPLOITDB CRITICAL text
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
by Bishop Fox
CVSS 9.8
CVE-2019-19368 EXPLOITDB MEDIUM text
Rumpus FTP Web File Manager 8.2.9.1 - XSS
A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
by Harshit Shukla
CVSS 6.1
CVE-2019-25263 EXPLOITDB MEDIUM text
Zendesk App SweetHawk Survey 1.6 - Stored Cross-Site Scripting via Support Ticket Submission
Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded by other users.
by MTK
CVSS 6.4
EIP-2026-104686 EXPLOITDB python
WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service
by roddux
EIP-2026-101866 EXPLOITDB python
Netgear R6400 - Remote Code Execution
by Kevin Randall
EIP-2026-100658 EXPLOITDB python
NopCommerce 4.2.0 - Privilege Escalation
by Alessandro Magnosi
CVE-2019-19726 EXPLOITDB HIGH text VERIFIED
OpenBSD Dynamic Loader chpass Privilege Escalation
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.
by Qualys Corporation
CVSS 7.8
CVE-2019-19241 EXPLOITDB HIGH text VERIFIED
Linux kernel <5.4.2 - Privilege Escalation
In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.
by Google Security Research
CVSS 7.8
CVE-2019-19742 EXPLOITDB MEDIUM text
D-Link DIR-615 Firmware - Stored Cross-Site Scripting via User Account Name Field
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
by Sanyam Chawla
CVSS 4.8
CVE-2019-19743 EXPLOITDB MEDIUM text
D-Link DIR-615 - Privilege Escalation
On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal.
by Sanyam Chawla
CVSS 6.5