Exploitdb Exploits

49,983 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-13597 EXPLOITDB CRITICAL python
Sahi Pro 8.0.0 - Command Injection
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.
by AkkuS
CVSS 9.8
CVE-2019-10349 EXPLOITDB MEDIUM text
Jenkins Dependency Graph Viewer < 0.13 - XSS
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
by Ishaq Mohammed
CVSS 5.4
CVE-2019-13491 EXPLOITDB text
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
by ABDO10
CVE-2019-12991 EXPLOITDB HIGH python VERIFIED
Citrix Netscaler Sd-wan < 10.0.8 - OS Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
by Chris Lyne
CVSS 8.8
CVE-2019-13494 EXPLOITDB HIGH python
Castlerock Simple Network Management ... - Out-of-Bounds Write
nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file.
by xerubus
CVSS 7.8
CVE-2019-13493 EXPLOITDB MEDIUM text
Sitecore Experience Platform - XSS
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
by Owais Mehtab
CVSS 5.4
EIP-2026-115781 EXPLOITDB text VERIFIED
Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts
by Google Security Research
EIP-2026-115637 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar
by Google Security Research
EIP-2026-115636 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes
by Google Security Research
CVE-2019-1123 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1117 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1127 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1118 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1119 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
EIP-2026-115635 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
by Google Security Research
EIP-2026-115634 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays
by Google Security Research
EIP-2026-115633 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table
by Google Security Research
EIP-2026-115632 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
by Google Security Research
CVE-2019-1121 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1124 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1122 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1120 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
EIP-2026-115631 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding
by Google Security Research
CVE-2019-1128 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127.
by Google Security Research
CVSS 8.8
EIP-2026-115630 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory
by Google Security Research
By Source
All 49,983 Writeup 59,542 Exploitdb 49,983 Nomisec 21,465 Metasploit 3,217 Github 2,523 Vulncheck_xdb 902 Inthewild 514 Gitlab 440 Gitee 415 Patchapalooza 312
By Language
text 31,329 python 5,912 ruby 5,906 c 3,561 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 88 go 53 postscript 25 xml 24