Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-113175 EXPLOITDB text
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting
by cakes
CVE-2019-11043 EXPLOITDB HIGH
PHP 7.1.x < 7.1.33, 7.2.x < 7.2.24, 7.3.x < 7.3.11 - Remote Code Execution via FPM Buffer Overflow
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
by Emil Lerner
CVSS 8.7
EIP-2026-103706 EXPLOITDB text VERIFIED
WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed
by Google Security Research
CVE-2019-18418 EXPLOITDB CRITICAL python
ClonOS WEB control panel 19.09 - RCE
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.
by İbrahim Hakan Şeker
CVSS 9.8
CVE-2019-25746 EXPLOITDB HIGH text
WordPress Sliced Invoices 3.8.2 SQL Injection via post Parameter
WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicate_quote_invoice and malicious 'post' values to extract sensitive database information or modify data.
by Lucian Ioan Nitescu
CVSS 7.1
CVE-2019-12720 EXPLOITDB HIGH text
AUO SunVeillance Monitoring System < 1.1.9e - SQL Injection via mvc_send_mail.aspx MailAdd Parameter
AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to SQL injection via the MailAdd parameter of mvc_send_mail.aspx. An attacker can send a SQL injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters.
by Luca.Chiou
CVSS 7.5
CVE-2019-12719 EXPLOITDB CRITICAL text
AUO SunVeillance Monitoring System < 1.1.9e - Unauthenticated Unrestricted File Upload via Picture_Manage_mvc.aspx
An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter.
by Luca.Chiou
CVSS 9.8
CVE-2019-13272 EXPLOITDB HIGH ruby VERIFIED
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
by Metasploit
CVSS 7.8
EIP-2026-117344 EXPLOITDB text
IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path
by Sainadh Jamalpur
EIP-2026-108186 EXPLOITDB ruby
Joomla! 3.4.6 - Remote Code Execution (Metasploit)
by Alessandro Groppo
CVE-2019-17220 EXPLOITDB MEDIUM text
Rocket.Chat < 2.1.0 - Cross-Site Scripting via Markdown Image URL
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.
by 3H34N
CVSS 6.1
CVE-2019-15954 EXPLOITDB CRITICAL ruby VERIFIED
Total.js CMS 12.0.0 - Authenticated RCE
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>
by Metasploit
CVSS 9.9
CVE-2019-10969 EXPLOITDB HIGH text
Moxa EDR-810 Firmware <= 5.1 - Authenticated Remote Code Execution via Ping Feature
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
by RandoriSec
CVSS 7.2
EIP-2026-119665 EXPLOITDB text
WinRAR 5.80 - XML External Entity Injection
by hyp3rlinx
EIP-2026-119624 EXPLOITDB text
WinRAR 5.80 (x64) - Denial of Service
by alblalawi
CVE-2019-9491 EXPLOITDB HIGH text VERIFIED
Trend Micro ATTK <1.62.0.1218 - RCE
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
by hyp3rlinx
CVSS 7.8
CVE-2019-8197 EXPLOITDB CRITICAL text VERIFIED
Adobe Acrobat and Reader DC < 15.006.30504, 15.008.20082-19.021.20047 - Heap Overflow
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 9.8
CVE-2019-3010 EXPLOITDB HIGH text
Oracle Solaris 11 - Privilege Escalation in XScreenSaver
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
by Marco Ivaldi
CVSS 8.8
EIP-2026-108185 EXPLOITDB python
Joomla! 3.4.6 - Remote Code Execution
by Alessandro Groppo
CVE-2019-25743 EXPLOITDB MEDIUM text
WordPress Soliloquy Lite 2.5.6 Persistent Cross-Site Scripting
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the post_title parameter, which are stored and executed when users preview the post.
by Unk9vvN
CVSS 5.4
CVE-2019-25744 EXPLOITDB MEDIUM text
WordPress Popup Builder 3.49 Persistent Cross-Site Scripting
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads in the post_title field that execute when pages or posts display popup selections.
by Unk9vvN
CVSS 5.4
CVE-2019-25307 EXPLOITDB HIGH text
WorkgroupMail 7.5.1 - Code Injection
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by cakes
CVSS 7.8
CVE-2019-25306 EXPLOITDB HIGH text
BlackMoon FTP Server 3.1.2.1731 - Privilege Escalation
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSystem account permissions during service startup.
by Debashis Pal
CVSS 7.8
CVE-2019-17662 EXPLOITDB CRITICAL python VERIFIED
ThinVNC 1.0b1 - Path Traversal and Arbitrary File Read via ThinVnc.ini
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
by Nikhith Tumamlapalli
CVSS 9.8
EIP-2026-118094 EXPLOITDB text
Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path
by Debashis Pal