Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-0805 EXPLOITDB HIGH text VERIFIED
Windows - Elevation of Privilege via LUAFV Driver Calls
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841.
by Google Security Research
CVSS 7.8
CVE-2019-10945 EXPLOITDB CRITICAL python
Joomla! < 3.9.4 - Path Traversal via Media Manager Folder Parameter
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
by Haboob Team
CVSS 9.8
CVE-2019-9955 EXPLOITDB MEDIUM text
Zyxel Firewall Devices - Reflected Cross-Site Scripting via Login Page mp_idx Parameter
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.
by Aaron Bishop
CVSS 6.1
CVE-2019-25601 EXPLOITDB MEDIUM python
UltraVNC Launcher 1.2.2.4 Denial of Service Buffer Overflow
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition.
by Victor Mondragón
CVSS 6.2
CVE-2019-25600 EXPLOITDB MEDIUM python
UltraVNC Viewer 1.2.2.4 Denial of Service via Buffer Overflow
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer.
by Victor Mondragón
CVSS 6.5
EIP-2026-119090 EXPLOITDB python VERIFIED
RemoteMouse 3.008 - Arbitrary Remote Command Execution
by 0rphon
EIP-2026-118752 EXPLOITDB python
MailCarrier 2.51 - POP3 'USER' Buffer Overflow
by Dino Covotsos
EIP-2026-118751 EXPLOITDB python
MailCarrier 2.51 - POP3 'USER' Buffer Overflow
by Dino Covotsos
EIP-2026-118750 EXPLOITDB python
MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow
by Dino Covotsos
EIP-2026-118749 EXPLOITDB python
MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow
by Dino Covotsos
EIP-2026-118746 EXPLOITDB python
MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow
by Dino Covotsos
EIP-2026-118745 EXPLOITDB python
MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow
by Dino Covotsos
EIP-2026-118744 EXPLOITDB python
MailCarrier 2.51 - 'RCPT TO' Buffer Overflow
by Dino Covotsos
EIP-2026-118743 EXPLOITDB python
MailCarrier 2.51 - 'RCPT TO' Buffer Overflow
by Dino Covotsos
CVE-2019-11193 EXPLOITDB MEDIUM text
DirectAdmin < 1.561 - Cross-Site Scripting via FileManager CMD_FILE_MANAGER Parameter
The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel.
by InfinitumIT
CVSS 6.1
CVE-2019-11447 EXPLOITDB HIGH ruby VERIFIED
CutePHP CuteNews 2.1.2 - Code Injection
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
by AkkuS
CVSS 8.8
CVE-2019-1663 EXPLOITDB CRITICAL ruby VERIFIED
Cisco RV110W RV130W RV215W - Unauthenticated Remote Code Execution via Web Management Interface
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected.
by Metasploit
CVSS 9.8
CVE-2019-9621 EXPLOITDB HIGH ruby VERIFIED
Zimbra Collaboration Suite <8.6-8.8 - SSRF
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
by Metasploit
CVSS 7.5
EIP-2026-117521 EXPLOITDB ruby VERIFIED
Microsoft Windows - Contact File Format Arbitary Code Execution (Metasploit)
by Metasploit
EIP-2026-117520 EXPLOITDB ruby VERIFIED
Microsoft Windows - Contact File Format Arbitary Code Execution (Metasploit)
by Metasploit
EIP-2026-117500 EXPLOITDB text VERIFIED
Microsoft Internet Explorer 11 - XML External Entity Injection
by hyp3rlinx
CVE-2018-14894 EXPLOITDB HIGH text
CyberArk Endpoint Privilege Manager <10.2.1.603 - Privilege Escalation
CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.
by Alpcan Onaran
CVSS 7.8
CVE-2019-11446 EXPLOITDB HIGH ruby
ATutor < 2.2.4 - Authenticated Arbitrary File Upload via File Manager
An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase (and thus .phP is a bypass), and omits .shtml and .phtml.
by AkkuS
CVSS 8.8
CVE-2019-9670 EXPLOITDB CRITICAL ruby VERIFIED
Synacor Zimbra Collaboration Suite <8.7.11p10 - XXE
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
by Metasploit
CVSS 9.8
CVE-2019-25619 EXPLOITDB HIGH python
FTP Shell Server 6.83 Buffer Overflow via Account Name
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.
by Dino Covotsos
CVSS 8.4