Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-2616 EXPLOITDB HIGH text VERIFIED
Oracle Fusion Middleware - Unauthenticated RCE
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).
by Vahagn Vardanyan
CVSS 7.2
CVE-2019-3396 EXPLOITDB CRITICAL ruby VERIFIED
Atlassian Confluence Widget Connector Macro Velocity Template Injection
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
by Metasploit
CVSS 9.8
CVE-2010-4170 EXPLOITDB ruby VERIFIED
SystemTap 1.3 - Privilege Escalation via MODPROBE_OPTIONS Environment Variable
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
by Metasploit
CVE-2019-11448 EXPLOITDB CRITICAL ruby
Zoho ManageEngine Applications Manager <14.0 - Privilege Escalation
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.
by AkkuS
CVSS 9.8
CVE-2018-16858 EXPLOITDB HIGH ruby VERIFIED
LibreOffice Macro Python Code Execution
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
by Metasploit
CVSS 7.8
CVE-2018-16517 EXPLOITDB MEDIUM text
Netwide Assembler < 2.13.03 - Denial of Service via Crafted File
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
by Fakhri Zulkifli
CVSS 5.5
CVE-2019-10038 EXPLOITDB HIGH text
Evernote 7.9 - Arbitrary Program Execution via Local Executable Reference
Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.
by Dhiraj Mishra
CVSS 7.8
CVE-2019-11060 EXPLOITDB HIGH bash
ASUS HG100 Firmware < 1.05.12 - Unauthenticated Denial of Service via Slowloris HTTP Attack
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. CVSS 3.0 Base score 7.4 (Availability impacts). CVSS vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
by YinT Wang
CVSS 7.5
EIP-2026-118748 EXPLOITDB python
MailCarrier 2.51 - POP3 'RETR' SEH Buffer Overflow
by Dino Covotsos
EIP-2026-118747 EXPLOITDB python
MailCarrier 2.51 - POP3 'RETR' SEH Buffer Overflow
by Dino Covotsos
EIP-2026-115141 EXPLOITDB python
DHCP Server 2.5.2 - Denial of Service (PoC)
by Victor Mondragón
EIP-2026-115140 EXPLOITDB python
DHCP Server 2.5.2 - Denial of Service (PoC)
by Victor Mondragón
CVE-2019-2697 EXPLOITDB HIGH text VERIFIED
Oracle JDK 7u211 and 8u202 - Unauthenticated Remote Code Execution via Multiple Protocols
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Google Security Research
CVSS 8.1
CVE-2019-2698 EXPLOITDB HIGH text VERIFIED
Oracle JDK 7u211 and 8u202 - Unauthenticated Remote Code Execution via 2D Subcomponent
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Google Security Research
CVSS 8.1
CVE-2018-11492 EXPLOITDB HIGH bash
ASUS HG100 Firmware - Denial of Service via IPv4 Packet Flood
ASUS HG100 devices allow denial of service via an IPv4 packet flood.
by YinT Wang
CVSS 7.5
CVE-2019-25618 EXPLOITDB MEDIUM python
AdminExpress 1.2.5 Denial of Service via System Compare
AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the comparison function to cause the application to become unresponsive or crash.
by Mücahit İsmail Aktaş
CVSS 6.2
CVE-2019-25564 EXPLOITDB MEDIUM python
PCHelpWareV2 1.0.0.5 Denial of Service via Group Field
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an application crash.
by Alejandra Sánchez
CVSS 5.5
CVE-2019-25563 EXPLOITDB MEDIUM python
PCHelpWareV2 1.0.0.5 Denial of Service via SC Creation
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the application to crash.
by Alejandra Sánchez
CVSS 6.2
CVE-2018-19374 EXPLOITDB HIGH text
Zoho ManageEngine ADManager Plus 6.6 Build 6657 - Privilege Escalation via Trojan Horse File in Bin Directory
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
by Digital Interruption
CVSS 7.0
CVE-2019-0735 EXPLOITDB HIGH text VERIFIED
Windows Client Server Run-Time Subsystem - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Elevation of Privilege Vulnerability'.
by Google Security Research
CVSS 7.8
CVE-2019-0836 EXPLOITDB HIGH text VERIFIED
Windows - Elevation of Privilege via LUAFV Driver Race Condition
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841.
by Google Security Research
CVSS 7.8
CVE-2019-0732 EXPLOITDB HIGH text VERIFIED
Windows - Device Guard Bypass via LUAFV Driver Improper Call Handling
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'.
by Google Security Research
CVSS 7.8
CVE-2019-0796 EXPLOITDB MEDIUM text VERIFIED
Windows - Privilege Escalation via LUAFV Driver Improper Call Handling
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.
by Google Security Research
CVSS 5.5
CVE-2019-0730 EXPLOITDB HIGH text VERIFIED
Windows - Privilege Escalation via LUAFV Driver Improper Call Handling
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.
by Google Security Research
CVSS 7.8
CVE-2019-0731 EXPLOITDB HIGH text VERIFIED
Windows - Privilege Escalation via LUAFV Driver Handle Duplication
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.
by Google Security Research
CVSS 7.8