Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-108725 EXPLOITDB text
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
by Mr Winst0n
EIP-2026-108211 EXPLOITDB text
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
by Mr Winst0n
EIP-2026-107689 EXPLOITDB text
Hyvikk Fleet Manager - Shell Upload
by saxgy1331
CVE-2019-11564 EXPLOITDB MEDIUM text
HumHub 1.3.12 - Stored Cross-Site Scripting via POST Request to Index View
A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request.
by Kağan EĞLENCE
CVSS 6.1
EIP-2026-105023 EXPLOITDB text
Agent Tesla Botnet - Information Disclosure
by n4pst3r
CVE-2019-10867 EXPLOITDB HIGH ruby VERIFIED
pimcore < 5.7.1 - Authenticated Remote Code Execution via Unserialize in Bulk-Commit Endpoint
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.
by Metasploit
CVSS 8.8
CVE-2019-10678 EXPLOITDB HIGH python VERIFIED
Domoticz <4.10579 - Info Disclosure
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
by Fabio Carretto
CVSS 7.5
CVE-2019-11599 EXPLOITDB HIGH text VERIFIED
Linux kernel <5.0.10 - Info Disclosure
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
by Google Security Research
CVSS 7.0
CVE-2019-3799 EXPLOITDB MEDIUM ruby
Spring Cloud Config < 1.4.6 - Path Traversal via Crafted URL
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
by Dhiraj Mishra
CVSS 6.5
EIP-2026-101860 EXPLOITDB bash
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
by Social Engineering Neo
CVE-2019-11416 EXPLOITDB HIGH html
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery via v1/system/user
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.
by Social Engineering Neo
CVSS 8.8
CVE-2019-11415 EXPLOITDB HIGH bash
Intelbras IWR 3000N 1.5.0 - Denial of Service via Malformed Login Request
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
by Social Engineering Neo
CVSS 7.5
CVE-2019-11569 EXPLOITDB HIGH text
Veeam ONE Reporter <9.5.0.3201 - CSRF
Veeam ONE Reporter 9.5.0.3201 allows CSRF.
by Seyed Sadegh Khatami
CVSS 8.8
CVE-2019-25597 EXPLOITDB MEDIUM python
NSauditor 3.1.2.0 Denial of Service via Community Field
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function to cause a denial of service condition.
by Victor Mondragón
CVSS 6.2
EIP-2026-115973 EXPLOITDB python
NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-115972 EXPLOITDB python
NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)
by Victor Mondragón
CVE-2019-3844 EXPLOITDB HIGH text VERIFIED
systemd < 242 - Privilege Escalation via DynamicUser SUID Binary Execution
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
by Google Security Research
CVSS 7.8
CVE-2019-0186 EXPLOITDB MEDIUM text
Apache Pluto Chat Room Demo 3.0.0-3.0.1 - Cross-Site Scripting
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file
by Dhiraj Mishra
CVSS 6.1
CVE-2019-25616 EXPLOITDB MEDIUM python
AnMing MP3 CD Burner 2.0 Local Denial of Service
AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.
by Achilles
CVSS 6.2
CVE-2019-25615 EXPLOITDB HIGH python
Lavavo CD Ripper 4.20 Local SEH Buffer Overflow
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can craft a payload with controlled buffer data, NSEH jump instructions, and SEH handler addresses to trigger code execution and establish a bind shell on port 3110.
by Achilles
CVSS 8.4
CVE-2019-25599 EXPLOITDB MEDIUM python
Backup Key Recovery 2.2.4 Denial of Service via Name Field
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form.
by Victor Mondragón
CVSS 6.2
CVE-2019-25598 EXPLOITDB MEDIUM python
HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trigger an application crash.
by Victor Mondragón
CVSS 6.2
CVE-2018-20250 EXPLOITDB HIGH ruby VERIFIED
WinRAR <= 5.61 - Path Traversal and Remote Code Execution via ACE Filename Field
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
by Metasploit
CVSS 7.8
CVE-2019-11537 EXPLOITDB MEDIUM text VERIFIED
osTicket < 1.12 - Cross-Site Scripting via User Importer CSV File Upload
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion.
by AkkuS
CVSS 6.1
CVE-2019-7438 EXPLOITDB MEDIUM text
JioFi 4G M2S 1.0.2 - Cross-Site Scripting via mask POST Parameter
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.
by Vikas Chaudhary
CVSS 6.1