Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-115975 EXPLOITDB python
Nsauditor 3.1.8.0 - 'Name' Denial of Service (PoC)
by SajjadBnd
EIP-2026-115974 EXPLOITDB python
Nsauditor 3.1.8.0 - 'Key' Denial of Service (PoC)
by SajjadBnd
CVE-2019-25272 EXPLOITDB HIGH text
TexasSoft CyberPlanet 6.4.131 - Code Injection
TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and gain elevated system privileges.
by Cristian Ayala G
CVSS 7.8
CVE-2019-25265 EXPLOITDB MEDIUM text
Online Inventory Manager 3.2 - Stored Cross-Site Scripting in Group Description Field
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie theft and client-side script execution.
by Cemal Cihad ÇİFTÇİ
CVSS 6.4
EIP-2026-116301 EXPLOITDB python
SpotAuditor 5.3.2 - 'Name' Denial of Service
by ZwX
EIP-2026-116300 EXPLOITDB python
SpotAuditor 5.3.2 - 'Name' Denial of Service
by ZwX
EIP-2026-116299 EXPLOITDB python
SpotAuditor 5.3.2 - 'Key' Denial of Service
by ZwX
EIP-2026-116298 EXPLOITDB python
SpotAuditor 5.3.2 - 'Key' Denial of Service
by ZwX
EIP-2026-102787 EXPLOITDB bash
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
by Mohin Paramasivam
CVE-2019-25339 EXPLOITDB HIGH python
GHIA CamIP 1.2 - Denial of Service via Password Input Field
GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices.
by Ivan Marmolejo
CVSS 7.5
EIP-2026-113507 EXPLOITDB text
WordPress Core 5.3 - User Disclosure
by SajjadBnd
CVE-2017-12945 EXPLOITDB HIGH python
Solstice Pod < 2.8.4 - Authenticated OS Command Injection via Networking Configuration
Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root.
by Alexandre Teyar
CVSS 8.8
CVE-2019-25340 EXPLOITDB HIGH python
SpotAuditor 5.3.2 - Denial of Service via Base64 Decryption Buffer Overflow
SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted into the Base64 Encrypted Password field.
by ZwX
CVSS 7.5
CVE-2019-25336 EXPLOITDB HIGH python
SpotAuditor 5.3.2 - Buffer Overflow
SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system.
by ZwX
CVSS 8.4
EIP-2026-115639 EXPLOITDB python
Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC)
by ZwX
CVE-2019-25341 EXPLOITDB HIGH python
iNetTools for iOS 8.20 - Denial of Service via Whois Domain Name Field Buffer Overflow
iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash.
by Ivan Marmolejo
CVSS 7.5
EIP-2026-115433 EXPLOITDB python
InduSoft Web Studio 8.1 SP1 - _Atributos_ Denial of Service (PoC)
by chuyreds
CVE-2019-25273 EXPLOITDB HIGH text
Easy-Hide-IP 5.0.0.3 - Code Injection
Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executables and escalate privileges.
by Rene Cortes S
CVSS 7.8
CVE-2019-19489 EXPLOITDB MEDIUM python
SMPlayer 19.5.0 - Buffer Overflow via Long .m3u File
SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.
by Malav Vyas
CVSS 5.5
EIP-2026-118093 EXPLOITDB text
Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path
by Luis Martínez
EIP-2026-117560 EXPLOITDB text
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation
by Abdelhamid Naceri
EIP-2026-115447 EXPLOITDB python
InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)
by chuyreds
CVE-2019-25274 EXPLOITDB HIGH text
ProShow Producer 9.0.3797 - Code Injection
ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by ZwX
CVSS 7.8
CVE-2019-19490 EXPLOITDB HIGH text
LiteManager 4.5.0 - Info Disclosure
LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.
by ZwX
CVSS 7.3
CVE-2019-1429 EXPLOITDB HIGH text VERIFIED
Internet Explorer - Remote Code Execution via Scripting Engine Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
by Google Security Research
CVSS 7.5