Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25742 EXPLOITDB MEDIUM text
WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execute when administrators view the property for approval, enabling cookie theft and session hijacking.
by m0ze
CVSS 5.4
CVE-2019-25741 EXPLOITDB CRITICAL python
Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File
Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the vulnerability when imported and executed, enabling reverse shell execution with user privileges.
by Xavi Beltran
CVSS 9.8
CVE-2019-25347 EXPLOITDB HIGH text
thesystem App 1.0 - SQL Injection
thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts.
by Anıl Baran Yelken
CVSS 7.5
CVE-2019-25346 EXPLOITDB HIGH text
TheSystem 1.0 - SQL Injection
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information.
by Sadik Cetin
CVSS 7.5
CVE-2019-25312 EXPLOITDB MEDIUM text
InoERP 0.7.2 - Unauthenticated Stored Cross-Site Scripting in Comment Section
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session information.
by strider
CVSS 5.4
CVE-2019-25239 EXPLOITDB HIGH text
V-SOL GPON/EPON OLT Platform 2.03 - Info Disclosure
V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access.
by LiquidWorm
CVSS 7.5
CVE-2019-25238 EXPLOITDB MEDIUM text
V-SOL GPON/EPON OLT Platform 2.03 - CSRF
V-SOL GPON/EPON OLT Platform 2.03 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to create admin users, enable SSH, or modify system settings by tricking authenticated administrators into loading a specially crafted page.
by LiquidWorm
CVSS 4.3
CVE-2019-25237 EXPLOITDB CRITICAL text
V-SOL GPON/EPON OLT Platform v2.03 - Privilege Escalation
V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows normal users to gain administrative access by manipulating the user role parameter. Attackers can send a crafted HTTP POST request to the user management endpoint with 'user_role_mod' set to integer value '1' to elevate their privileges.
by LiquidWorm
CVSS 9.8
EIP-2026-112657 EXPLOITDB text
thesystem App 1.0 - Persistent Cross-Site Scripting
by İsmail Güngör
CVE-2018-25158 EXPLOITDB HIGH text
Chamilo LMS 1.11.8 - Authenticated RCE
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute arbitrary code by accessing the uploaded files.
by Sohel Yousef
CVSS 8.8
CVE-2019-25314 EXPLOITDB MEDIUM text
Yoast Duplicate-Post WP <3.2.3 - XSS
Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.
by Unk9vvN
CVSS 5.5
CVE-2019-16894 EXPLOITDB CRITICAL text
inoERP 4.15 - SQL Injection via Insecure Deserialization in download.php
download.php in inoERP 4.15 allows SQL injection through insecure deserialization.
by Semen Alexandrovich Lyhin
CVSS 9.8
EIP-2026-105855 EXPLOITDB text VERIFIED
citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection
by cakes
EIP-2026-105101 EXPLOITDB text
all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting
by Unk9vvN
CVE-2019-25315 EXPLOITDB MEDIUM text
WordPress Server Log Viewer 1.0 - XSS
WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface.
by strider
CVSS 6.4
CVE-2019-16532 EXPLOITDB MEDIUM text
YzmCMS V5.3 - HTTP Host Header Injection
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections.
by Debashis Pal
CVSS 6.1
EIP-2026-116312 EXPLOITDB text
SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
by Emilio Revelo
CVE-2015-5287 EXPLOITDB ruby VERIFIED
ABRT sosreport Privilege Escalation
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
by Metasploit
CVE-2019-5485 EXPLOITDB CRITICAL text
gitlabhook 0.0.17 - OS Command Injection via Repository Name
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.
by Semen Alexandrovich Lyhin
CVSS 10.0
CVE-2019-1262 EXPLOITDB MEDIUM text
Microsoft SharePoint Foundation - Cross-Site Scripting
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
by Davide Cioccia
CVSS 5.4
CVE-2019-25466 EXPLOITDB HIGH python
Easy File Sharing Web Server 7.2 - Buffer Overflow
Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh value and seh pointer to trigger the overflow when adding a new user account.
by x00pwn
CVSS 8.4
CVE-2019-0708 EXPLOITDB CRITICAL ruby VERIFIED
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by Metasploit
CVSS 9.8
CVE-2019-16724 EXPLOITDB CRITICAL python
File Sharing Wizard 1.5.0 - Buffer Overflow
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.
by x00pwn
CVSS 9.8
EIP-2026-115790 EXPLOITDB text VERIFIED
Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service
by Google Security Research
EIP-2026-115139 EXPLOITDB python
DeviceViewer 3.12.0.1 - 'creating user' Denial of Service
by x00pwn