Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-15501 EXPLOITDB MEDIUM text
LISTSERV < 16.5-2018a - Reflected Cross-Site Scripting via OK Parameter
Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
by MTK
CVSS 6.1
CVE-2019-1170 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016/2019 - Privilege Escalation via Reparse Point Creation
An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by preventing sandboxed processes from creating reparse points targeting inaccessible files.
by Google Security Research
CVSS 7.9
CVE-2019-14470 EXPLOITDB MEDIUM text
cosenary Instagram-PHP-API <4.9.32 - XSS
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
by Damian Ebelties
CVSS 6.1
CVE-2019-15092 EXPLOITDB HIGH text
Webtoffee WordPress Users & WooCommerce Customers Import Export <1....
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.
by Javier Olmedo
CVSS 7.3
CVE-2019-10227 EXPLOITDB MEDIUM python
openITCOCKPIT < 3.7.1 - Reflected Cross-Site Scripting in 404 Not Found Component
openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.
by Julian Rittweger
CVSS 6.1
CVE-2019-10149 EXPLOITDB CRITICAL ruby VERIFIED
Exim 4.87 - 4.91 Local Privilege Escalation
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
by Metasploit
CVSS 9.8
CVE-2019-11013 EXPLOITDB MEDIUM text
Nimble Streamer 3.0.2-2-3.5.4-9 - Path Traversal
Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
by MaYaSeVeN
CVSS 6.5
EIP-2026-109825 EXPLOITDB php
Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation
by Jak Gibb
CVE-2019-11510 EXPLOITDB CRITICAL ruby
Pulse Secure PCS <9.0R3.4 - Info Disclosure
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
by Alyssa Herrera
CVSS 10.0
CVE-2019-9851 EXPLOITDB CRITICAL ruby
LibreOffice - Code Injection
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
by LoadLow
CVSS 9.8
EIP-2026-103882 EXPLOITDB text
Cisco UCS Director_ Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities
by Pedro Ribeiro
EIP-2026-113532 EXPLOITDB html
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery
by Princy Edward
CVE-2019-14378 EXPLOITDB HIGH c
libslirp 4.0.0 - Heap-Based Buffer Overflow in ip_reass
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
by vishnudevtj
CVSS 8.8
CVE-2019-25477 EXPLOITDB MEDIUM python
RAR Password Recovery 1.80 - Buffer Overflow
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration Code field to trigger an application crash.
by Achilles
CVSS 6.2
CVE-2019-25317 EXPLOITDB MEDIUM text VERIFIED
Kimai < 1.1 - Stored Cross-Site Scripting via Timesheet Description
Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users.
by osamaalaa
CVSS 6.4
CVE-2019-14430 EXPLOITDB MEDIUM text
YouPHPTube < 7.2 - SQL Injection in AuditTable.php
plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.
by Fabian Mosch
CVSS 5.3
CVE-2020-23518 EXPLOITDB MEDIUM text
UltimateKode Neo Billing <3.5 - XSS
Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML.
by n1x_
CVSS 5.4
CVE-2019-15107 EXPLOITDB CRITICAL bash
Webmin <= 1.920 - OS Command Injection via password_change.cgi Old Parameter
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
by Fernando A. Lagos B
CVSS 9.8
CVE-2018-13379 EXPLOITDB CRITICAL ruby
FortiProxy < 1.2.9 and FortiOS 5.4.6-5.4.12 - Unauthenticated Path Traversal via SSL VPN Web Portal
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
by Carlos E. Vieira
CVSS 9.1
CVE-2018-13379 EXPLOITDB CRITICAL python
FortiProxy < 1.2.9 and FortiOS 5.4.6-5.4.12 - Unauthenticated Path Traversal via SSL VPN Web Portal
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
by Carlos E. Vieira
CVSS 9.1
CVE-2019-25740 EXPLOITDB MEDIUM text
Joomla com_jsjobs 1.2.6 Arbitrary File Deletion
Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field_2 parameter to delete arbitrary files accessible to the web server.
by qw3rTyTy
CVSS 6.5
CVE-2019-25478 EXPLOITDB HIGH text
GetGo Download Manager 6.2.2.3300 - Buffer Overflow
GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable.
by Malav Vyas
CVSS 7.5
CVE-2019-25442 EXPLOITDB HIGH text
Web Wiz Forums 12.01 - SQL Injection
Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information.
by n1x_
CVSS 7.5
CVE-2019-14923 EXPLOITDB HIGH python VERIFIED
EyesOfNetwork 5.1 - Remote Command Execution via Tool All Host Field
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.
by Nassim Asrir
CVSS 8.8
EIP-2026-107877 EXPLOITDB text
Integria IMS 5.0.86 - Arbitrary File Upload
by Greg.Priest