Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25629 EXPLOITDB HIGH python
AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via Logging
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging preferences to overflow the buffer and trigger code execution when the application processes the log file path.
by Peyman Forouzan
CVSS 8.4
CVE-2019-8942 EXPLOITDB HIGH ruby VERIFIED
WordPress < 4.9.9 and 5.x < 5.0.1 - Authenticated Remote Code Execution via Image Metadata
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
by Metasploit
CVSS 8.8
CVE-2019-8943 EXPLOITDB MEDIUM ruby VERIFIED
WordPress <= 5.0.3 - Authenticated Path Traversal via Image Crop Filename
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
by Metasploit
CVSS 6.5
CVE-2019-10008 EXPLOITDB HIGH python
Zoho ManageEngine ServiceDesk 9.3 - Privilege Escalation
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.
by Ata Hakçıl_ Melih Kaan Yıldız
CVSS 8.8
CVE-2019-25565 EXPLOITDB MEDIUM python
Magic Iso Maker 5.5 Buffer Overflow Denial of Service
Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Attackers can generate a file containing 5000 bytes of data, paste it into the Serial Code field during registration, and trigger a denial of service condition that crashes the application.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25506 EXPLOITDB HIGH python
FreeSMS < 2.1.2 - Unauthenticated SQL Injection via Password Parameter
FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to /pages/crc_handler.php?method=login to authenticate as any known user and subsequently modify their password via the profile update function.
by Yilmaz Degirmenci
CVSS 8.2
CVE-2019-25647 EXPLOITDB HIGH python
PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them to establish reverse shell connections and execute system commands.
by Metin Yunus Kandemir
CVSS 8.8
CVE-2019-25631 EXPLOITDB HIGH python
AIDA64 Business 5.99.4900 SEH Buffer Overflow via EggHunter
AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name field in preferences or report wizard functionality to trigger the overflow and execute code with application privileges.
by Peyman Forouzan
CVSS 8.4
CVE-2019-25630 EXPLOITDB HIGH text
PhreeBooks ERP 5.2.3 Arbitrary File Upload via Image Manager
PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the bizuno/image/manager endpoint and execute them via the bizunoFS.php script for remote code execution.
by Abdullah Çelebi
CVSS 8.8
CVE-2019-25481 EXPLOITDB HIGH text
iScripts ReserveLogic - SQL Injection
iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2019-25473 EXPLOITDB HIGH text
Clinic Pro - Authenticated SQL Injection via Monthly Expense Overview Month Parameter
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly_expense_overview endpoint with crafted month values using boolean-based blind, time-based blind, or error-based SQL injection techniques to extract sensitive database information.
by Abdullah Çelebi
CVSS 7.1
CVE-2019-25507 EXPLOITDB HIGH text
Ashop Shopping Cart - SQL Injection
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection to extract sensitive database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
CVE-2021-47904 EXPLOITDB HIGH python
PhreeBooks 5.2.3 - Authenticated RCE
PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.
by Metin Yunus Kandemir
CVSS 8.8
CVE-2019-1652 EXPLOITDB HIGH ruby VERIFIED
Cisco RV320 and RV325 Firmware 1.4.2.15-1.4.2.21 - Authenticated Remote Code Execution via HTTP POST Request
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.
by Metasploit
CVSS 7.2
CVE-2019-10863 EXPLOITDB HIGH ruby
TeemIp < 2.4.0 - Remote Code Execution via exec.php new_config Parameter
A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.
by AkkuS
CVSS 7.2
EIP-2026-103913 EXPLOITDB html VERIFIED
Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion
by Google Security Research
EIP-2026-103715 EXPLOITDB html VERIFIED
WebKitGTK+ - 'ThreadedCompositor' Race Condition
by Google Security Research
CVE-2019-8518 EXPLOITDB HIGH javascript VERIFIED
iCloud < 7.11 - Memory Corruption via Malicious Web Content
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2019-8558 EXPLOITDB HIGH javascript VERIFIED
iCloud < 7.11 - Memory Corruption and Arbitrary Code Execution
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2019-8506 EXPLOITDB HIGH javascript VERIFIED
iCloud < 7.11 - Remote Code Execution via Type Confusion
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2019-9813 EXPLOITDB HIGH text VERIFIED
Firefox < 66.0.1 - Memory Corruption
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
by Google Security Research
CVSS 8.8
CVE-2019-8514 EXPLOITDB HIGH text VERIFIED
iPhone OS < 12.2 - Privilege Escalation
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges.
by Google Security Research
CVSS 7.8
EIP-2026-103493 EXPLOITDB html VERIFIED
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion
by Google Security Research
EIP-2026-103490 EXPLOITDB text VERIFIED
Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion
by Google Security Research
CVE-2019-1653 EXPLOITDB HIGH ruby VERIFIED
Cisco RV320 and RV325 Unauthenticated Remote Code Execution
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.
by Metasploit
CVSS 7.5