Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-103375 EXPLOITDB text VERIFIED
macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache
by Google Security Research
CVE-2019-19491 EXPLOITDB MEDIUM text
TestLink 1.9.19 - Cross-Site Scripting via archiveData.php edit Parameter
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.
by Milad Khoshdel
CVSS 6.1
CVE-2019-18862 EXPLOITDB HIGH text
GNU Mailutils < 3.8 - Local Privilege Escalation via maidag URL Mode
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
by Mike Gualtieri
CVSS 7.8
EIP-2026-101894 EXPLOITDB text
Network Management Card 6.2.0 - Host Header Injection
by Amal E Thamban
CVE-2019-19492 EXPLOITDB CRITICAL ruby VERIFIED
FreeSWITCH <1.10.1 - Info Disclosure
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
by Metasploit
CVSS 9.8
EIP-2026-117530 EXPLOITDB ruby VERIFIED
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
by Metasploit
EIP-2026-117529 EXPLOITDB ruby VERIFIED
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
by Metasploit
EIP-2026-117528 EXPLOITDB ruby VERIFIED
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
by Metasploit
EIP-2026-117527 EXPLOITDB ruby VERIFIED
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
by Metasploit
CVE-2018-14665 EXPLOITDB MEDIUM ruby VERIFIED
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3: an incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by Metasploit
CVSS 6.6
EIP-2026-110313 EXPLOITDB bash
OpenNetAdmin 18.1.1 - Remote Code Execution
by mattpascoe
CVE-2019-16113 EXPLOITDB HIGH ruby VERIFIED
Bludit 3.9.2 - Remote Code Execution via Image Upload Path Traversal
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
by Metasploit
CVSS 8.8
CVE-2019-11539 EXPLOITDB HIGH ruby VERIFIED
Pulse Secure <9.0R3.4-5.1R15.1 - Authenticated Command Injection
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
by Metasploit
CVSS 7.2
CVE-2019-11409 EXPLOITDB HIGH ruby VERIFIED
FusionPBX 4.4.3 - Command Injection
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.
by Metasploit
CVSS 8.8
CVE-2019-15794 EXPLOITDB HIGH text VERIFIED
Linux Kernel - Use-After-Free in Overlayfs and Shiftfs mmap Handlers
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file after call_mmap() returns an error. However, the aufs patches change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.
by Google Security Research
CVSS 7.1
CVE-2019-15793 EXPLOITDB MEDIUM text VERIFIED
Linux kernel <5.3 - Privilege Escalation
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shiftfs s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.
by Google Security Research
CVSS 6.5
EIP-2026-102164 EXPLOITDB text VERIFIED
iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd
by Google Security Research
CVE-2019-25350 EXPLOITDB HIGH python
XMedia Recode 3.4.8.6 - Denial of Service via Crafted .m3u Playlist File
XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an application crash when the file is opened.
by ZwX
CVSS 7.5
CVE-2019-25349 EXPLOITDB HIGH python
ScadaApp for iOS 1.1.4.0 - Denial of Service via Servername Field Buffer Overflow
ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices.
by Luis Martínez
CVSS 7.5
CVE-2019-25326 EXPLOITDB MEDIUM python
ipPulse < 1.92 - Denial of Service via Oversized Enter Key Input
ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious content.
by Diego Armando Buztamante Rico
CVSS 6.2
CVE-2019-25342 EXPLOITDB HIGH bash
Centova Cast 3.2.12 - Denial of Service via Database Export API Endpoint
Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters.
by DroidU
CVSS 7.5
CVE-2019-25276 EXPLOITDB HIGH text
Studio 5000 Logix Designer 30.01.00 - Privilege Escalation
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\ to inject malicious code that would execute with LocalSystem permissions.
by Luis Martínez
CVSS 7.8
CVE-2019-25275 EXPLOITDB HIGH text
BartVPN 1.2.2 - Unquoted Service Path Privilege Escalation via BartVPNService
BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service's execution context.
by ZwX
CVSS 7.8
CVE-2019-0708 EXPLOITDB CRITICAL python
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by 0xeb-bp
CVSS 9.8
CVE-2019-25354 EXPLOITDB HIGH text
iSmartViewPro 1.3.34 - Denial of Service via Camera ID Input Buffer Overflow
iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices.
by Ivan Marmolejo
CVSS 7.5