Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113761 EXPLOITDB text
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
by Unk9vvN
EIP-2026-111756 EXPLOITDB python
Restaurant Management System 1.0 - Remote Code Execution
by Ibad Shah
CVE-2019-25309 EXPLOITDB HIGH text
Zilab Remote Console Server 3.2.9 - Privilege Escalation
Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.
by cakes
CVSS 7.8
CVE-2019-25308 EXPLOITDB HIGH text
Mikogo <5.2.2.150317 - Code Injection
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.
by cakes
CVSS 7.8
CVE-2019-16330 EXPLOITDB MEDIUM text
NCH Express Accounts Accounting v7.02 - XSS
In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript.
by Debashis Pal
CVSS 5.4
EIP-2026-117419 EXPLOITDB text
LiteManager 4.5.0 - 'romservice' Unquoted Serive Path
by cakes
EIP-2026-117402 EXPLOITDB text
Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path
by Luis MedinaL
EIP-2026-114736 EXPLOITDB text
Solaris xscreensaver 11.4 - Privilege Escalation
by Marco Ivaldi
CVE-2019-17624 EXPLOITDB HIGH python
X.Org X Server < 1.20.4 - Stack-Based Buffer Overflow in XQueryKeymap
"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.
by s4vitar
CVSS 7.8
CVE-2019-11932 EXPLOITDB HIGH c++
WhatsApp < 2.19.244 - Remote Code Execution via GIF Image Parsing
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
by Valerio Brussani
CVSS 8.8
CVE-2019-25310 EXPLOITDB HIGH text
ActiveFax Server <6.92 Build 0316 - Code Injection
ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated administrative privileges.
by cakes
CVSS 7.8
CVE-2019-25067 EXPLOITDB MEDIUM python
Podman Varlink 1.5.1 - Remote Privilege Escalation
A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability.
by Jeremy Brown
CVSS 6.3
CVE-2019-17591 EXPLOITDB text
Bolt CMS 3.6.10 - Cross-Site Request Forgery
by r3m0t3nu11
CVE-2019-14287 EXPLOITDB HIGH python
Sudo <1.8.28 - Privilege Escalation
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
by Mohin Paramasivam
CVSS 8.8
CVE-2019-25434 EXPLOITDB HIGH python
SpotAuditor 5.3.1.0 - Unauthenticated Denial of Service via Registration Name Field
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application.
by Sanjana shetty
CVSS 7.5
CVE-2019-16282 EXPLOITDB MEDIUM text
NCH Express Invoice 7.12 - Authenticated Stored Cross-Site Scripting via Invoices/Items/Customers Fields
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.
by Debashis Pal
CVSS 5.4
CVE-2019-25066 EXPLOITDB MEDIUM python
ajenti <2.1.31 - Privilege Escalation
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.
by Jeremy Brown
CVSS 6.3
CVE-2019-14737 EXPLOITDB HIGH text
Ubisoft Uplay 92.0.0.6280 - Insecure Default Permissions
Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.
by Kusol Watchara-Apanukorn
CVSS 7.8
EIP-2026-114850 EXPLOITDB python
ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service
by stresser
CVE-2019-17503 EXPLOITDB MEDIUM text
Kirona DRS 5.5.3.5 - Info Disclosure
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.
by Ramikan
CVSS 5.3
CVE-2019-17671 EXPLOITDB MEDIUM
WordPress < 5.2.4 - Unauthenticated Exposure of Sensitive Information via Static Query Property
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
by Sebastian Neef
CVSS 5.3
CVE-2019-10098 EXPLOITDB MEDIUM
Apache HTTP Server 2.4.0-2.4.39 - Open Redirect via Encoded Newlines in mod_rewrite
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
by Sebastian Neef
CVSS 6.1
CVE-2019-10092 EXPLOITDB MEDIUM
Apache HTTP Server 2.4.0-2.4.39 - Cross-Site Scripting in mod_proxy Error Page
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
by Sebastian Neef
CVSS 6.1
EIP-2026-117667 EXPLOITDB text
National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation
by Ivan Marmolejo
EIP-2026-113569 EXPLOITDB ruby
WordPress Plugin Arforms 3.7.1 - Directory Traversal
by Ahmad Almorabea