Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-101061 EXPLOITDB python
Omron PLC 1.0.0 - Denial of Service (PoC)
by n0b0dy
EIP-2026-117535 EXPLOITDB
Microsoft Windows - Multiple UAC Protection Bypasses
by valen
CVE-2019-9810 EXPLOITDB HIGH javascript
Firefox < 66.0.1 and ESR < 60.6.1 - Memory Corruption via IonMonkey JIT Compiler
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
by Axel Souchet
CVSS 8.8
CVE-2019-16702 EXPLOITDB CRITICAL python
Integard Pro 2.2.0.9026 - Buffer Overflow
Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI.
by purpl3f0xsecur1ty
CVSS 9.8
CVE-2019-15627 EXPLOITDB HIGH python VERIFIED
Trend Micro Deep Security Agent 10.0, 11.0, 12.0 - Arbitrary File Deletion via Improper Link Resolution
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected.
by Peter Lapp
CVSS 7.1
CVE-2019-19576 EXPLOITDB CRITICAL php
verot.net class.upload <2.0.4 - Info Disclosure
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
by Jinny Ramsmark
CVSS 9.8
CVE-2019-25271 EXPLOITDB HIGH text
NETGATE Data Backup 3.0.620 - Code Injection
NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.
by ZwX
CVSS 7.8
CVE-2019-25269 EXPLOITDB HIGH text
Amiti Antivirus <25.0.640 - Code Injection
Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations.
by ZwX
CVSS 7.8
CVE-2018-9022 EXPLOITDB CRITICAL python VERIFIED
Broadcom Privileged Access Manager < 2.8.2 - Unauthenticated Remote Code Execution via Configuration File Poisoning
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
by Peter Lapp
CVSS 9.8
CVE-2019-25337 EXPLOITDB CRITICAL text
OwnCloud 8.1.8 - Username Enumeration via Share Endpoint Wildcard Search
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.
by Daniel Moreno
CVSS 9.8
EIP-2026-119660 EXPLOITDB text
Microsoft Visual Basic 2010 Express - XML External Entity Injection
by ZwX
EIP-2026-110070 EXPLOITDB text VERIFIED
Online Clinic Management System 2.2 - HTML Injection
by Cemal Cihad ÇİFTÇİ
CVE-2019-15276 EXPLOITDB MEDIUM text
Cisco Wireless LAN Controller Software 8.4-8.9 - Denial of Service via Crafted URL
A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.
by SecuNinja
CVSS 6.5
EIP-2026-119661 EXPLOITDB text VERIFIED
Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass
by hyp3rlinx
CVE-2019-5434 EXPLOITDB CRITICAL php
revive_adserver < 4.2.0 - Remote Code Execution via XML-RPC Unserialize
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0.
by crlf
CVSS 9.8
EIP-2026-110124 EXPLOITDB text
Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting
by Cemal Cihad ÇİFTÇİ
CVE-2019-19516 EXPLOITDB MEDIUM text
Intelbras WRN 150 1.0.18 - Cross-Site Request Forgery via Password Change
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.
by Prof. Joas Antonio
CVSS 6.5
CVE-2019-25338 EXPLOITDB MEDIUM text
DokuWiki 2018-04-22b - Info Disclosure
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.
by Talha ŞEN
CVSS 5.3
CVE-2019-25234 EXPLOITDB MEDIUM text
SmartHouse Webapp 6.5.33 - CSRF/XSS
SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious scripts into various application parameters.
by LiquidWorm
CVSS 5.3
EIP-2026-119663 EXPLOITDB text VERIFIED
Visual Studio 2008 - XML External Entity Injection
by hyp3rlinx
EIP-2026-119659 EXPLOITDB text
Microsoft Excel 2016 1901 - XML External Entity Injection
by hyp3rlinx
EIP-2026-117443 EXPLOITDB text
Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions
by hyp3rlinx
EIP-2026-116783 EXPLOITDB python
Anviz CrossChex 4.3.12 - Local Buffer Overflow
by Luis Catarino
EIP-2026-116782 EXPLOITDB python
Anviz CrossChex 4.3.12 - Local Buffer Overflow
by Luis Catarino
EIP-2026-115976 EXPLOITDB python
Nsauditor 3.1.8.0 - 'Name' Denial of Service (PoC)
by SajjadBnd