Exploitdb Exploits
49,983 exploits tracked across all sources.
InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)
by chuyreds
ProShow Producer 9.0.3797 - Code Injection
ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by ZwX
CVSS 7.8
LiteManager 4.5.0 - Info Disclosure
LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.
by ZwX
CVSS 7.3
Microsoft Internet Explorer - Out-of-Bounds Write
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
by Google Security Research
CVSS 7.5
macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache
by Google Security Research
TestLink 1.9.19 - XSS
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.
by Milad Khoshdel
CVSS 6.1
Maidag <3.8 - Privilege Escalation
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
by Mike Gualtieri
CVSS 7.8
Network Management Card 6.2.0 - Host Header Injection
by Amal E Thamban
FreeSWITCH <1.10.1 - Info Disclosure
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
by Metasploit
CVSS 9.8
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
by Metasploit
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
by Metasploit
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
by Metasploit
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
by Metasploit
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by Metasploit
CVSS 6.6
Bludit 3.9.2 - RCE
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
by Metasploit
CVSS 8.8
Pulse Secure <9.0R3.4-5.1R15.1 - Authenticated Command Injection
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
by Metasploit
CVSS 7.2
FusionPBX 4.4.3 - Command Injection
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.
by Metasploit
CVSS 8.8
Linux kernel - Use After Free
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file after call_mmap() returns an error. However, the aufs patches change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.
by Google Security Research
CVSS 7.1
Linux kernel <5.3 - Privilege Escalation
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations that shift user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shiftfs s_user_ns. A local attacker could possibly use this to bypass discretionary access control permissions.
by Google Security Research
CVSS 6.5
iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd
by Google Security Research
XMedia Recode 3.4.8.6 - DoS
XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an application crash when the file is opened.
by ZwX
CVSS 7.5
ScadaApp iOS 1.1.4.0 - DoS
ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices.
by Luis Martínez
CVSS 7.5
ipPulse 1.92 - DoS
ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious content.
by Diego Armando Buztamante Rico
CVSS 6.2
Centova Cast 3.2.12 - DoS
Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters.
by DroidU
CVSS 7.5