Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106062 EXPLOITDB text VERIFIED
College-Management-System 1.2 - Authentication Bypass
by cakes
CVE-2019-25469 EXPLOITDB MEDIUM python
Folder Lock 7.7.9 - Buffer Overflow
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field to trigger a denial of service condition.
by Achilles
CVSS 6.2
CVE-2019-12922 EXPLOITDB MEDIUM text
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery in Setup Page
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
by Manuel García Cárdenas
CVSS 6.5
CVE-2019-16173 EXPLOITDB MEDIUM text VERIFIED
LimeSurvey < 3.17.14 - Reflected Cross-Site Scripting in Survey_Common_Action.php
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,
by SEC Consult
CVSS 5.4
CVE-2019-16197 EXPLOITDB MEDIUM text
Dolibarr < 10.0.2 - Stored Cross-Site Scripting via User-Agent Header
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
by Metin Yunus Kandemir
CVSS 6.1
CVE-2019-1244 EXPLOITDB MEDIUM text VERIFIED
Windows 10 - Information Disclosure via DirectWrite Memory Handling
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251.
by Google Security Research
CVSS 6.5
CVE-2019-1245 EXPLOITDB MEDIUM text VERIFIED
Windows DirectWrite - Information Disclosure via Memory Exposure
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251.
by Google Security Research
CVSS 6.5
CVE-2019-25470 EXPLOITDB HIGH python VERIFIED
eWON Firmware 12.2-13.0 - Auth Bypass
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials and a crafted wsdList parameter to extract encrypted passwords for all users, which can be decrypted using a hardcoded XOR key.
by Photubias
CVSS 7.5
CVE-2018-25159 EXPLOITDB CRITICAL python
Epross AVCON6 - Unauthenticated Remote Code Execution via OGNL Injection in Login Action
Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OGNL payloads in the redirect parameter to instantiate ProcessBuilder objects and execute system commands with root privileges.
by Nassim Asrir
CVSS 9.8
EIP-2026-117555 EXPLOITDB ruby VERIFIED
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)
by Metasploit
EIP-2026-117554 EXPLOITDB ruby VERIFIED
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)
by Metasploit
EIP-2026-117553 EXPLOITDB ruby VERIFIED
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
by Metasploit
EIP-2026-117552 EXPLOITDB ruby VERIFIED
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
by Metasploit
CVE-2019-16119 EXPLOITDB CRITICAL text
10Web Photo Gallery <1.5.35 - SQL Injection
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
by MTK
CVSS 9.8
CVE-2019-16118 EXPLOITDB MEDIUM text
10web Photo Gallery < 1.5.35 - Cross-Site Scripting via Options.php
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.
by MTK
CVSS 6.1
CVE-2019-16117 EXPLOITDB MEDIUM text
10web Photo Gallery < 1.5.35 - Cross-Site Scripting via Galleries.php
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.
by MTK
CVSS 6.1
CVE-2017-1000119 EXPLOITDB HIGH ruby VERIFIED
October CMS <build 412 - Code Injection
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.
by Metasploit
CVSS 7.2
CVE-2019-10669 EXPLOITDB HIGH ruby VERIFIED
LibreNMS < 1.47 - OS Command Injection via collectd.inc.php
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru().
by Metasploit
CVSS 7.2
CVE-2019-25452 EXPLOITDB HIGH text
Dolibarr ERP/CRM 10.0.1 - SQL Injection
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques.
by Metin Yunus Kandemir
CVSS 7.5
CVE-2019-25450 EXPLOITDB HIGH text
Dolibarr ERP/CRM 10.0.1 - SQL Injection
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in card.php endpoints to extract sensitive database information using boolean-based blind, error-based, and time-based blind techniques.
by Metin Yunus Kandemir
CVSS 7.5
CVE-2019-25240 EXPLOITDB CRITICAL bash
Rifatron 5brid DVR - Unauthenticated Access
Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication.
by LiquidWorm
CVSS 9.8
EIP-2026-114028 EXPLOITDB text
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
by Mr Winst0n
EIP-2026-113505 EXPLOITDB perl
WordPress Core 5.2.3 - Cross-Site Host Modification
by Todor Donev
EIP-2026-110056 EXPLOITDB text
Online Appointment - SQL Injection
by mohammad zaheri
CVE-2019-16065 EXPLOITDB HIGH text
Enigma NMS < 65.0.0 - SQL Injection via manage_hosts_short.cgi search_pattern Parameter
A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.
by xerubus
CVSS 8.8