Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-8662 EXPLOITDB CRITICAL text VERIFIED
iPhone OS < 12.4 - Use-After-Free via Untrusted NSDictionary Deserialization
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.
by Google Security Research
CVSS 9.8
CVE-2019-8671 EXPLOITDB HIGH text VERIFIED
iCloud < 7.13 - Memory Corruption via Malicious Web Content
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2019-8672 EXPLOITDB HIGH text VERIFIED
iCloud < 7.13 - Memory Corruption via Malicious Web Content
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2019-8646 EXPLOITDB HIGH text VERIFIED
iPhone OS < 12.4 - Out-of-bounds Read
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory.
by Google Security Research
CVSS 7.5
CVE-2019-8647 EXPLOITDB CRITICAL text VERIFIED
iPhone OS < 12.4 - Remote Code Execution via Use-After-Free
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.
by Google Security Research
CVSS 9.8
CVE-2019-8660 EXPLOITDB CRITICAL text VERIFIED
iPhone OS < 12.4 - Remote Code Execution via Memory Corruption
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
by Google Security Research
CVSS 9.8
EIP-2026-103212 EXPLOITDB ruby VERIFIED
Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit)
by Metasploit
CVE-2019-3948 EXPLOITDB HIGH python VERIFIED
Amcrest IP2M-841B and Dahua Cameras < 2018-05-18 - Unauthenticated Audio Stream Access via /videotalk Endpoint
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device.
by Jacob Baines
CVSS 7.5
CVE-2019-25739 EXPLOITDB MEDIUM text
GigToDo Freelance Marketplace Script 1.3 Persistent XSS
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers can craft XSS payloads in the create_proposal endpoint that execute when administrators or other users view the stored proposal, enabling cookie theft and malicious redirects.
by m0ze
CVSS 5.4
CVE-2019-6814 EXPLOITDB CRITICAL ruby VERIFIED
NET55XX Encoder Firmware < 2.1.9.7 - Improper Authentication
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.
by Metasploit
CVSS 9.8
EIP-2026-114347 EXPLOITDB text
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting
by m0ze
CVE-2019-14328 EXPLOITDB HIGH html
WordPress Simple Membership <3.8.5 - CSRF
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
by rubyman
CVSS 8.8
EIP-2026-104789 EXPLOITDB ruby VERIFIED
WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit)
by Metasploit
CVE-2019-1132 EXPLOITDB HIGH c++
Windows 7 and Windows Server 2008 - Elevation of Privilege in Win32k Component
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
by ShivamTrivedi
CVSS 7.8
CVE-2018-1042 EXPLOITDB MEDIUM text
Moodle < 3.1.9 and 3.4-3.4.1 - Server-Side Request Forgery via Filepicker
Moodle 3.x has Server Side Request Forgery in the filepicker.
by Fabian Mosch_ Nick Theisinger
CVSS 6.5
CVE-2019-14267 EXPLOITDB HIGH text VERIFIED
PDFResurrect 0.15 - Buffer Overflow
PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled.
by j0lama
CVSS 7.8
CVE-2019-10267 EXPLOITDB HIGH python VERIFIED
Ahsay Cloud Backup Suite 7.7.0.0-8.1.0.50 - Unauthenticated Arbitrary File Upload RCE
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator).
by Wietse Boonstra
CVSS 8.8
CVE-2019-10266 EXPLOITDB HIGH text
Ahsay Cloud Backup Suite 7.7.0.0-8.1.1.50 - Unauthenticated XML External Entity Injection
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.
by Wietse Boonstra
CVSS 7.5
CVE-2019-10267 EXPLOITDB HIGH ruby
Ahsay Cloud Backup Suite 7.7.0.0-8.1.0.50 - Unauthenticated Arbitrary File Upload RCE
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator).
by Wietse Boonstra
CVSS 8.8
EIP-2026-110418 EXPLOITDB text
Ovidentia 8.4.3 - SQL Injection
by UserX
CVE-2019-13977 EXPLOITDB MEDIUM text
Ovidentia 8.4.3 - Cross-Site Scripting via Multiple Parameters
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.
by n3k00n3
CVSS 5.4
EIP-2026-109703 EXPLOITDB php
MyBB < 1.8.21 - Remote Code Execution
by Giovanni Chhatta
CVE-2019-8649 EXPLOITDB MEDIUM text VERIFIED
iCloud < 7.13 - Universal Cross-Site Scripting via Synchronous Page Load Handling
A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
by Google Security Research
CVSS 6.1
CVE-2019-25738 EXPLOITDB CRITICAL python
WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change
WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to hc_ajax_save_option to enable user registration and set the default role to administrator, enabling account takeover.
by yasin
CVSS 9.8
CVE-2019-25439 EXPLOITDB HIGH text
NoviSmart CMS - SQL Injection via Referer HTTP Header
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive database information or cause denial of service.
by n1x_
CVSS 8.2