Exploitdb Exploits
49,983 exploits tracked across all sources.
WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting
by LiquidWorm
WinMPG iPod Convert 3.0 - Buffer Overflow
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code fields to trigger a denial of service condition.
by stresser
CVSS 6.2
MAPLE WBT SNMP Admin <2.0.195.15 - Buffer Overflow
SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987.
by hyp3rlinx
CVSS 9.8
Windows - Privilege Escalation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Metasploit
CVSS 7.8
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
by Sarath Nair
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
by Google Security Research
CVSS 7.8
R 3.4.4 Windows x64 - Buffer Overflow
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler chain pivot and execute arbitrary shellcode with application privileges.
by blackleitus
CVSS 6.2
Windows AppX Deployment Service - Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
by Metasploit
CVSS 7.8
Solarwinds Dameware Mini Remote Control < 12.1 - Memory Corruption
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.
by Xavi Beltran
CVSS 7.8
Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection
by hyp3rlinx
Webpanel - Information Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
by Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak
CVSS 5.3
Webpanel - Unrestricted File Upload
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
by Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak
CVSS 7.5
CentOS Web Panel 0.9.8.838-0.9.8.846 - Auth Bypass
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.
by Pongtorn Angsuchotmetee
CVSS 8.8
Laravel Framework <5.6.30 - RCE
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
by Metasploit
CVSS 8.1
Streamripper 2.6 - 'Song Pattern' Buffer Overflow
by Andrey Stoykov
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by RAMELLA Sebastien
CVSS 9.8
Flightpath < 4.8.3 - Path Traversal
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.
by Mohammed Althibyani
CVSS 5.3
Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
by Wadeek
Cisco Sg200-50 Firmware - Open Redirect
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.
by Ramikan
CVSS 4.7
Android -< 9 - RCE
In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130024844.
by Marcin Kozlowski
CVSS 8.8
Microsoft Windows 10 - Information Disclosure
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.
To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges.
The issue has been addressed by changing how NTLM validates network authentication messages.
by Google Security Research
CVSS 8.5
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData
by Google Security Research
Myt - XSS
In MyT 1.5.1, the User[username] parameter has XSS.
by Metin Yunus Kandemir
CVSS 6.1
Xymon <4.3.25 - Command Injection
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.
by Metasploit
CVSS 8.8