Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-20469 EXPLOITDB CRITICAL text
Sahi Pro < 8.0.0 - SQL Injection via Web Reports Module Parameter
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.
by Goutham Madhwaraj
CVSS 9.8
CVE-2018-20472 EXPLOITDB MEDIUM text
Sahi Pro < 8.0.0 - Stored Cross-Site Scripting in Logs Web Interface
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.
by Goutham Madhwaraj
CVSS 5.4
CVE-2018-20470 EXPLOITDB HIGH text
Sahi Pro < 8.0.0 - Directory Traversal in Web Reports Module
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.
by Goutham Madhwaraj
CVSS 7.5
CVE-2019-12181 EXPLOITDB HIGH c VERIFIED
Serv-U FTP Server prepareinstallation Privilege Escalation
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
by Guy Levin
CVSS 8.8
CVE-2019-12920 EXPLOITDB CRITICAL text
Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 - Unauthenticated Remote Root Access via Hardcoded TELNET Credentials
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt.
by Alex Akinbi
CVSS 9.8
CVE-2019-12919 EXPLOITDB MEDIUM text
Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 - Unauthenticated SD Card Access via HTTP Service
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device.
by Alex Akinbi
CVSS 5.5
CVE-2019-12890 EXPLOITDB CRITICAL python
RedwoodHQ 2.5.5 - Unauthenticated Admin User Creation via Database Insert Operation
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.
by EthicalHCOP
CVSS 9.8
EIP-2026-117539 EXPLOITDB text
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)
by Gushmazuko
CVE-2019-12323 EXPLOITDB HIGH text
Hosting Controller HC10 10.14 - DoS
The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS.
by hyp3rlinx
CVSS 7.5
CVE-2019-13294 EXPLOITDB CRITICAL ruby
AROX School-ERP Pro - Unauthenticated Remote Code Execution via import_stud.php and upload_fille.php
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
by AkkuS
CVSS 9.8
CVE-2019-11706 EXPLOITDB HIGH text
Thunderbird <60.7.1 - Use After Free
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.
by X41 D-Sec GmbH
CVSS 7.5
CVE-2019-11703 EXPLOITDB CRITICAL text
Thunderbird <60.7.1 - Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
by X41 D-Sec GmbH
CVSS 9.8
CVE-2019-11705 EXPLOITDB CRITICAL text
Thunderbird <60.7.1 - Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
by X41 D-Sec GmbH
CVSS 9.8
CVE-2019-11704 EXPLOITDB CRITICAL text
Thunderbird <60.7.1 - Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
by X41 D-Sec GmbH
CVSS 9.8
CVE-2019-10149 EXPLOITDB CRITICAL bash VERIFIED
Exim 4.87 - 4.91 Local Privilege Escalation
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
by Marco Ivaldi
CVSS 9.8
EIP-2026-102700 EXPLOITDB python
Netperf 2.6.0 - Stack-Based Buffer Overflow
by Juan Sacco
EIP-2026-102699 EXPLOITDB python
Netperf 2.6.0 - Stack-Based Buffer Overflow
by Juan Sacco
CVE-2019-3778 EXPLOITDB MEDIUM text
Spring Security OAuth < 2.0.17 - Open Redirect via Authorization Endpoint
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the "redirect_uri" parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and uses the DefaultRedirectResolver in the AuthorizationEndpoint. This vulnerability does not expose applications that: Act in the role of an Authorization Server and uses a different RedirectResolver implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).
by Riemann
CVSS 6.5
CVE-2020-19513 EXPLOITDB HIGH python
AIDA64 Engineer 6.00.5100 - Buffer Overflow via SEH Handler Overwrite
Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.
by Nipun Jaswal
CVSS 7.8
EIP-2026-102800 EXPLOITDB bash VERIFIED
CentOS 7.6 - 'ptrace_scope' Privilege Escalation
by s4vitar
CVE-2018-19113 EXPLOITDB HIGH text
Pronestor Health Monitoring < 8.1.12.0 - Privilege Escalation via Trojan Horse Executable
The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file.
by PovlTekstTV
CVSS 7.3
CVE-2019-11080 EXPLOITDB HIGH text
Sitecore Experience Platform < 9.1.1 - Authenticated Remote Code Execution via Deserialization
Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
by Jarad Kopf
CVSS 8.8
EIP-2026-107317 EXPLOITDB python
FusionPBX 4.4.3 - Remote Command Execution
by Dustin Cobb
CVE-2019-12788 EXPLOITDB HIGH python
Photodex ProShow Producer 9.0.3797 - Out-of-bounds Write via Crafted File
An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file.
by Yonatan_Correa
CVSS 7.8
EIP-2026-113834 EXPLOITDB text
WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution
by xulchibalraa