Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-4013 EXPLOITDB CRITICAL text
IBM BigFix Platform 9.5.0-9.5.10 - Authenticated Arbitrary File Upload and Remote Code Execution
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.
by Jakub Palaczynski
CVSS 9.0
CVE-2019-25438 EXPLOITDB HIGH text
LabCollector 5.423 - Unauthenticated SQL Injection via login.php or retrieve_password.php Parameters
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication.
by Carlos Avila
CVSS 7.5
CVE-2019-2215 EXPLOITDB HIGH text VERIFIED
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
by Google Security Research
CVSS 7.8
EIP-2026-110631 EXPLOITDB php
PHP 7.0 < 7.3 (Unix) - 'gc' disable_functions Bypass
by mm0r1
CVE-2018-7251 EXPLOITDB CRITICAL python
Anchor CMS < 0.12.7 - Sensitive Information Exposure via Error Log
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.
by Tijme Gommers
CVSS 9.8
CVE-2019-17080 EXPLOITDB HIGH python
mintinstall 7.9.9 - Remote Code Execution via Untrusted REVIEWS_CACHE Deserialization
mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports.
by İbrahim Hakan Şeker
CVSS 7.8
CVE-2017-0148 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.
by Metasploit
CVSS 8.1
EIP-2026-106426 EXPLOITDB php
Detrix EDMS 1.2.3.1505 - SQL Injection
by Burov Konstantin
EIP-2026-117018 EXPLOITDB python
DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)
by Xavi Beltran
EIP-2026-117017 EXPLOITDB python
DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)
by Xavi Beltran
CVE-2019-12562 EXPLOITDB MEDIUM python
DotNetNuke < 9.4.0 - Stored Cross-Site Scripting in Admin Notification Page
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.
by MaYaSeVeN
CVSS 6.1
EIP-2026-104226 EXPLOITDB text
DotNetNuke 9.3.2 - Cross-Site Scripting
by Semen Alexandrovich Lyhin
EIP-2026-103711 EXPLOITDB text VERIFIED
WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads
by Google Security Research
EIP-2026-103710 EXPLOITDB html VERIFIED
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
by Google Security Research
EIP-2026-103709 EXPLOITDB text VERIFIED
WebKit - Universal XSS Using Cached Pages
by Google Security Research
EIP-2026-103708 EXPLOITDB html VERIFIED
WebKit - Universal XSS in WebCore::command
by Google Security Research
EIP-2026-102628 EXPLOITDB python
kic 2.4a - Denial of Service
by JosueEncinar
CVE-2019-25441 EXPLOITDB CRITICAL text
thesystem 1.0 - Unauthenticated OS Command Injection via run_command Endpoint
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication.
by Sadik Cetin
CVSS 9.8
CVE-2019-25311 EXPLOITDB MEDIUM text
thesystem 1.0 - Stored Cross-Site Scripting via Operating System Parameter
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers.
by Anıl Baran Yelken
CVSS 6.4
CVE-2019-16902 EXPLOITDB HIGH ruby
ARforms 3.7.1 - Unauthenticated Arbitrary File Deletion via arf_delete_file
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname.
by Ahmad Almorabea
CVSS 7.5
CVE-2019-16759 EXPLOITDB CRITICAL ruby
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
by r00tpgp
CVSS 9.8
CVE-2019-16692 EXPLOITDB CRITICAL python
phpipam < 1.4 - SQL Injection via Custom Fields Filter Table Parameter
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
by Kevin Kirsche
CVSS 9.8
CVE-2019-16645 EXPLOITDB HIGH text
Embedthis GoAhead 2.5.0 - Info Disclosure
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.
by Ramikan
CVSS 8.6
CVE-2019-1914 EXPLOITDB HIGH python
Cisco Small Business 220 Series Smart Switches < 1.1.4.4 - Authenticated Command Injection via Web Management Interface
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user.
by bashis
CVSS 7.2
EIP-2026-104393 EXPLOITDB php
PHP 7.1 < 7.3 - 'json serializer' disable_functions Bypass
by mm0r1