Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-12616 EXPLOITDB MEDIUM text
phpMyAdmin < 4.9.0 - Cross-Site Request Forgery
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
by Riemann
CVSS 6.5
CVE-2019-12840 EXPLOITDB HIGH ruby VERIFIED
Webmin < 1.910 - Authenticated Remote Command Execution via Package Updates Module
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
by AkkuS
CVSS 8.8
CVE-2019-6588 EXPLOITDB MEDIUM text
Liferay Portal < 7.1 CE GA4 - Cross-Site Scripting via SimpleCaptcha URL Parameter
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.
by Valerio Brussani
CVSS 4.7
CVE-2019-11398 EXPLOITDB MEDIUM text
UliCMS 2019.1-2019.2 - Cross-Site Scripting via Admin Index Parameters
Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon.
by Unk9vvN
CVSS 6.1
EIP-2026-103025 EXPLOITDB bash
Ubuntu 18.04 - 'lxd' Privilege Escalation
by s4vitar
CVE-2019-0841 EXPLOITDB HIGH text
Windows AppX Deployment Service - Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
by SandboxEscaper
CVSS 7.8
CVE-2017-4905 EXPLOITDB MEDIUM
VMware ESXi <6.5-8.5.6 - Info Disclosure
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
by unamer
CVSS 5.5
CVE-2019-12477 EXPLOITDB MEDIUM text
Supra Smart Cloud TV Remote File Inclusion
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.
by Dhiraj Mishra
CVSS 5.5
CVE-2019-8352 EXPLOITDB CRITICAL ruby VERIFIED
BMC PATROL Agent < 11.3.01 - Use of Hard-coded Credentials
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.
by Metasploit
CVSS 9.8
EIP-2026-103491 EXPLOITDB html VERIFIED
Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free
by Google Security Research
CVE-2018-20434 EXPLOITDB CRITICAL ruby VERIFIED
LibreNMS 1.46 - OS Command Injection via $_POST['community'] Parameter
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
by Metasploit
CVSS 9.8
CVE-2019-10149 EXPLOITDB CRITICAL text
Exim 4.87 - 4.91 Local Privilege Escalation
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
by Qualys Corporation
CVSS 9.8
CVE-2019-9621 EXPLOITDB HIGH python
Zimbra Collaboration Suite <8.6-8.8 - SSRF
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
by k8gege
CVSS 7.5
CVE-2019-25604 EXPLOITDB HIGH python
DVDXPlayer Pro 5.5 Local Buffer Overflow with SEH
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges.
by Kevin Randall
CVSS 8.4
CVE-2019-12593 EXPLOITDB HIGH text
IceWarp Mail Server <= 10.4.4 - Local File Inclusion via Webmail Calendar Minimizer
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
by JameelNabbo
CVSS 7.5
CVE-2019-12735 EXPLOITDB HIGH
Vim < 8.1.1365 and Neovim < 0.3.6 - OS Command Injection via Modeline :source! Command
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
by Arminius
CVSS 8.6
CVE-2019-12541 EXPLOITDB MEDIUM text
ManageEngine ServiceDesk Plus 9.3 - Stored Cross-Site Scripting via SolutionSearch.do searchText Parameter
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
by Vingroup
CVSS 6.1
CVE-2019-12538 EXPLOITDB MEDIUM text
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting via SiteLookup.do Search Field
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
by Vingroup
CVSS 6.1
CVE-2019-12542 EXPLOITDB MEDIUM text
ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting via SearchN.do userConfigID Parameter
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
by Vingroup
CVSS 6.1
CVE-2019-12543 EXPLOITDB MEDIUM text
Zoho ManageEngine ServiceDesk Plus 9.3 - Stored Cross-Site Scripting via PurchaseRequest.do serviceRequestId Parameter
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
by Vingroup
CVSS 6.1
CVE-2018-19864 EXPLOITDB CRITICAL python
NUUO NVRmini2 Firmware <= 3.9.1 - Remote Code Execution via Buffer Overflow
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.
by @0x00string
CVSS 9.8
CVE-2019-1663 EXPLOITDB CRITICAL python
Cisco RV110W RV130W RV215W - Unauthenticated Remote Code Execution via Web Management Interface
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected.
by @0x00string
CVSS 9.8
CVE-2019-5678 EXPLOITDB HIGH html
NVIDIA GeForce Experience < 3.19 - Code Execution via Web Helper Input Validation
NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.
by Rhino Security Labs
CVSS 7.8
CVE-2019-10866 EXPLOITDB CRITICAL text
10web Form Maker < 1.13.3 - SQL Injection via Submissioc Parameter
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
by Daniele Scanu
CVSS 9.8
CVE-2018-5406 EXPLOITDB HIGH text VERIFIED
Quest KACE Systems Management Appliance < 9.0.270 - Unauthenticated Privilege Escalation via CORS Misconfiguration
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability. This could cause the application to perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. An unauthenticated, remote attacker could add an administrator-level account or change the appliance's settings.
by SlidingWindow
CVSS 8.8