Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-103306 EXPLOITDB text
Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting
by Sarath Nair
CVE-2019-13272 EXPLOITDB HIGH text VERIFIED
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
by Google Security Research
CVSS 7.8
CVE-2019-25485 EXPLOITDB MEDIUM python
R 3.4.4 Windows x64 - Buffer Overflow
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler chain pivot and execute arbitrary shellcode with application privileges.
by blackleitus
CVSS 6.2
CVE-2019-0841 EXPLOITDB HIGH ruby VERIFIED
Windows AppX Deployment Service - Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
by Metasploit
CVSS 7.8
CVE-2018-12897 EXPLOITDB HIGH python
SolarWinds DameWare Mini Remote Control < 12.1 - Buffer Overflow
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.
by Xavi Beltran
CVSS 7.8
EIP-2026-115629 EXPLOITDB text VERIFIED
Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection
by hyp3rlinx
CVE-2019-13383 EXPLOITDB MEDIUM text
Webpanel - Information Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
by Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Narin Boonwasanarak
CVSS 5.3
CVE-2019-13359 EXPLOITDB HIGH text
Webpanel - Unrestricted File Upload
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
by Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Narin Boonwasanarak
CVSS 7.5
CVE-2019-13605 EXPLOITDB HIGH text
CentOS Web Panel 0.9.8.838-0.9.8.846 - Auth Bypass
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.
by Pongtorn Angsuchotmetee
CVSS 8.8
CVE-2018-15133 EXPLOITDB HIGH ruby VERIFIED
Laravel Framework < 5.5.40 and 5.6.x < 5.6.30 - Remote Code Execution via Unserialize of X-XSRF-TOKEN
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
by Metasploit
CVSS 8.1
EIP-2026-117968 EXPLOITDB python
Streamripper 2.6 - 'Song Pattern' Buffer Overflow
by Andrey Stoykov
EIP-2026-117967 EXPLOITDB python
Streamripper 2.6 - 'Song Pattern' Buffer Overflow
by Andrey Stoykov
CVE-2019-0708 EXPLOITDB CRITICAL ruby
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by RAMELLA Sebastien
CVSS 9.8
CVE-2019-13396 EXPLOITDB MEDIUM text
FlightPath 4.x-5.0.x - Path Traversal and Local File Inclusion via form_include Parameter
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.
by Mohammed Althibyani
CVSS 5.3
EIP-2026-101873 EXPLOITDB text
Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
by Wadeek
CVE-2019-1943 EXPLOITDB MEDIUM text
Cisco Small Business 200, 300, and 500 Series Switches - Unauthenticated Open Redirect via HTTP Request Parameter
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.
by Ramikan
CVSS 4.7
CVE-2019-2107 EXPLOITDB HIGH text
Android 7.0-9 - Out-of-bounds Write in ihevcd_parse_pps
In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130024844.
by Marcin Kozlowski
CVSS 8.8
CVE-2019-1019 EXPLOITDB HIGH text VERIFIED
Windows - Security Feature Bypass via NETLOGON Message Session Key Exposure
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages.
by Google Security Research
CVSS 8.5
EIP-2026-115658 EXPLOITDB text VERIFIED
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData
by Google Security Research
CVE-2019-13346 EXPLOITDB MEDIUM text
MyT 1.5.1 Username - Cross-Site Scripting
In MyT 1.5.1, the User[username] parameter has XSS.
by Metin Yunus Kandemir
CVSS 6.1
CVE-2016-2056 EXPLOITDB HIGH ruby VERIFIED
Xymon 4.1.x-4.3.x - Authenticated Command Injection via adduser_name Argument
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.
by Metasploit
CVSS 8.8
CVE-2019-13597 EXPLOITDB CRITICAL python
Sahi Pro 8.0.0 - Unauthenticated Remote Code Execution via Player_setScriptFile
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.
by AkkuS
CVSS 9.8
CVE-2019-10349 EXPLOITDB MEDIUM text
Jenkins Dependency Graph Viewer Plugin < 0.13 - Stored Cross-Site Scripting
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
by Ishaq Mohammed
CVSS 5.4
CVE-2019-13491 EXPLOITDB text
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
by ABDO10
CVE-2019-12991 EXPLOITDB HIGH python VERIFIED
Citrix SD-WAN 10.2.0-10.2.2 and NetScaler SD-WAN 10.0.0-10.0.7 - OS Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
by Chris Lyne
CVSS 8.8