Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-13494 EXPLOITDB HIGH python
Castlerock Simple Network Management ... - Out-of-Bounds Write
nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file.
by xerubus
CVSS 7.8
CVE-2019-13493 EXPLOITDB MEDIUM text
Sitecore XP 9.0.171002 Authenticated Stored XSS in Media Library
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
by Owais Mehtab
CVSS 5.4
EIP-2026-115781 EXPLOITDB text VERIFIED
Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts
by Google Security Research
EIP-2026-115637 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar
by Google Security Research
EIP-2026-115636 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes
by Google Security Research
CVE-2019-1123 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1117 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1127 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1118 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1119 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
EIP-2026-115635 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
by Google Security Research
EIP-2026-115634 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays
by Google Security Research
EIP-2026-115633 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table
by Google Security Research
EIP-2026-115632 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
by Google Security Research
CVE-2019-1121 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1124 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1122 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1120 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
EIP-2026-115631 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding
by Google Security Research
CVE-2019-1128 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127.
by Google Security Research
CVSS 8.8
EIP-2026-115630 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory
by Google Security Research
EIP-2026-103578 EXPLOITDB javascript VERIFIED
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access
by Google Security Research
EIP-2026-101453 EXPLOITDB python
Siemens TIA Portal - Remote Command Execution
by Joseph Bingham
CVE-2019-5596 EXPLOITDB HIGH bash
FreeBSD 11.2-STABLE, 12.0-STABLE < r343781, 12.0-RELEASE < p3 - Privilege Escalation via UNIX Domain Socket
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.
by gr4yf0x
CVSS 8.8
EIP-2026-103468 EXPLOITDB html
Firefox 67.0.4 - Denial of Service
by Tejas Ajay Naik