Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25593 EXPLOITDB MEDIUM python
jetCast Server 2.0 Denial of Service via Log Directory
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to trigger a crash that terminates the server process.
by Victor Mondragón
CVSS 5.5
CVE-2019-25559 EXPLOITDB MEDIUM python
SpotPaltalk 1.1.5 Name/Key Field Denial of Service
SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a crash when the OK button is clicked.
by Alejandra Sánchez
CVSS 5.5
EIP-2026-116317 EXPLOITDB python
SpotIM 2.2 - Denial of Service (PoC)
by Alejandra Sánchez
EIP-2026-116316 EXPLOITDB python
SpotIM 2.2 - Denial of Service (PoC)
by Alejandra Sánchez
CVE-2019-7442 EXPLOITDB CRITICAL text
CyberArk Enterprise Password Vault <=10.7 - XXE
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
by Marcelo Toran
CVSS 9.8
CVE-2019-7652 EXPLOITDB HIGH text VERIFIED
TheHive Project UnshortenLink analyzer <1.1 - SSRF
TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be seen in the main dashboard. Thus, it is possible to do port scans on localhost and intranet hosts.
by Alexandre Basquin
CVSS 7.7
EIP-2026-102479 EXPLOITDB text
dotCMS 5.1.1 - HTML Injection
by Ismail Tasdelen
EIP-2026-101957 EXPLOITDB text
RICOH SP 4520DN Printer - HTML Injection
by Ismail Tasdelen
EIP-2026-101955 EXPLOITDB text
RICOH SP 4510DN Printer - HTML Injection
by Ismail Tasdelen
CVE-2019-25562 EXPLOITDB MEDIUM python
jetAudio 8.1.7 Denial of Service via File Naming Buffer Overflow
jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parameter and trigger the crash by clicking the Preview button, causing a denial of service.
by Alejandra Sánchez
CVSS 5.5
CVE-2019-25561 EXPLOITDB MEDIUM python
Lyric Maker 2.0.1.0 Denial of Service via Buffer Overflow
Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Attackers can paste a 5000-byte buffer into the Title input field and save the file to trigger a denial of service condition.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25560 EXPLOITDB HIGH python
Lyric Video Creator 2.1 Denial of Service via MP3 File
Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality.
by Alejandra Sánchez
CVSS 7.5
CVE-2018-20485 EXPLOITDB MEDIUM text
ManageEngine ADSelfService Plus 5.7 - Cross-Site Scripting in Employee Search Feature
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
by Ibrahim Raafat
CVSS 6.1
CVE-2019-25611 EXPLOITDB HIGH text
MiniFtp parseconf_load_setting Buffer Overflow via Configuration
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges.
by strider
CVSS 8.4
CVE-2019-25610 EXPLOITDB MEDIUM text
NetNumber Titan Master 7.9.1 Path Traversal via drp
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to bypass authorization and retrieve sensitive system files like /etc/shadow.
by MobileNetworkSecurity
CVSS 6.5
CVE-2019-25595 EXPLOITDB MEDIUM python
jetAudio 8.1.7.20702 Basic Denial of Service via URL Handler
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally.
by Victor Mondragón
CVSS 6.2
CVE-2019-5786 EXPLOITDB MEDIUM ruby VERIFIED
Google Chrome < 72.0.3626.121 - Use-After-Free in Blink via Crafted HTML Page
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
by Metasploit
CVSS 6.5
CVE-2017-1274 EXPLOITDB HIGH python
IBM Domino 8.5-9.0 - Authenticated Stack-Based Buffer Overflow via IMAP Mailbox Name
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.
by Charles Truscott
CVSS 8.8
CVE-2019-9193 EXPLOITDB HIGH ruby VERIFIED
PostgreSQL 9.3-11.2 - Authenticated OS Command Injection via COPY TO/FROM PROGRAM
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
by Metasploit
CVSS 7.2
CVE-2019-2725 EXPLOITDB CRITICAL ruby VERIFIED
Oracle WebLogic Server 10.3.6.0.0 and 12.1.3.0.0 - Unauthenticated Remote Code Execution via HTTP
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Metasploit
CVSS 9.8
CVE-2019-25613 EXPLOITDB HIGH python
Easy Chat Server 3.1 Denial of Service via message Parameter
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.
by Miguel Mendez Z
CVSS 7.5
CVE-2019-25612 EXPLOITDB HIGH python
Admin Express 1.2.5.485 Local SEH Buffer Overflow via Folder Path
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare feature by pasting a crafted buffer overflow payload into the left-hand side Folder Path field and clicking the scale icon to execute shellcode with application privileges.
by Connor McGarr
CVSS 7.8
CVE-2019-10685 EXPLOITDB MEDIUM text
Heidelberg Prinect Archiver v2013 release 1.0 - Reflected Cross-Site Scripting
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v2013 release 1.0.
by alt3kx
CVSS 6.1
CVE-2019-25503 EXPLOITDB HIGH text VERIFIED
PHPads 2.0 - Unauthenticated SQL Injection via click.php3 bannerID Parameter
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue to extract sensitive database information such as the current database name.
by felipe andrian
CVSS 7.1
CVE-2019-25366 EXPLOITDB HIGH text VERIFIED
microASP Portal+ CMS - SQL Injection
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and concat functions to extract sensitive database information like the current database name.
by felipe andrian
CVSS 8.2