Exploitdb Exploits

49,989 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25566 EXPLOITDB MEDIUM python
TransMac 12.3 Denial of Service via Volume Name Field
TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a malicious file with 1000 repeated characters, paste the content into the volume name field during disk image creation, and trigger an application crash.
by Alejandra Sánchez
CVSS 6.2
EIP-2026-112124 EXPLOITDB text
Simple Online Hotel Reservation System - SQL Injection
by Mr Winst0n
EIP-2026-112123 EXPLOITDB html
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
by Mr Winst0n
EIP-2026-112122 EXPLOITDB html
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
by Mr Winst0n
CVE-2019-9184 EXPLOITDB CRITICAL text VERIFIED
J2store < 3.3.7 - SQL Injection
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter.
by Andrei Conache
CVSS 9.8
CVE-2019-9623 EXPLOITDB CRITICAL ruby
Feng Office <3.7.0.5 - RCE
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.
by AkkuS
CVSS 9.8
EIP-2026-103330 EXPLOITDB ruby
Usermin 1.750 - Remote Command Execution (Metasploit)
by AkkuS
CVE-2019-8375 EXPLOITDB CRITICAL text
Webkitgtk < 2.23.90 - Memory Corruption
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
by Dhiraj Mishra
CVSS 9.8
CVE-2019-3921 EXPLOITDB HIGH python
Nokia I-240w-q Gpon Ont Firmware - Out-of-Bounds Write
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially execute arbitrary code.
by Artem Metla
CVSS 8.8
CVE-2019-9600 EXPLOITDB HIGH python
Olive Tree FTP Server <1.32 - DoS
The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets.
by s4vitar
CVSS 7.5
CVE-2019-6977 EXPLOITDB HIGH php
GD Graphics Library <2.2.5 - Buffer Overflow
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
by cfreal
CVSS 8.8
CVE-2019-25681 EXPLOITDB HIGH python
Xlight FTP Server 3.9.1 SEH Overwrite Buffer Overflow
Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual server configuration to trigger a buffer overflow that corrupts the SEH chain and enables potential code execution.
by Logan Whitmire
CVSS 8.4
CVE-2019-25680 EXPLOITDB HIGH text
Advance Gift Shop Pro Script 2.0.3 SQL Injection via search
Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract sensitive database information including version details and other data.
by Mr Winst0n
CVSS 8.2
CVE-2019-25668 EXPLOITDB HIGH text
News Website Script 2.0.5 SQL Injection via index.php
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive database information.
by Mr Winst0n
CVSS 8.2
CVE-2018-1999002 EXPLOITDB HIGH python
Jenkins <2.132, <2.121.1 - Info Disclosure
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.
by wetw0rk
CVSS 7.5
CVE-2019-9041 EXPLOITDB HIGH text
ZZZCMS zzzphp <V1.6.1 - RCE
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.
by Yang Chenglong
CVSS 7.2
EIP-2026-110691 EXPLOITDB text
PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection
by Mr Winst0n
CVE-2019-6340 EXPLOITDB HIGH python
Drupal < 8.5.11 - Insecure Deserialization
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
by leonjza
CVSS 8.1
CVE-2019-1003000 EXPLOITDB HIGH python
Script Security Plugin <1.49 - RCE
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
by wetw0rk
CVSS 8.8
CVE-2019-6340 EXPLOITDB HIGH text
Drupal < 8.5.11 - Insecure Deserialization
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
by Charles Fol
CVSS 8.1
CVE-2019-3474 EXPLOITDB MEDIUM text VERIFIED
Microfocus Filr - Path Traversal
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
by SecureAuth
CVSS 6.5
CVE-2018-18982 EXPLOITDB HIGH ruby VERIFIED
Nuuo Cms < 3.3 - SQL Injection
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
by Metasploit
CVSS 8.8
CVE-2018-20250 EXPLOITDB HIGH python VERIFIED
WinRAR <5.61 - Path Traversal
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
by WyAtu
CVSS 7.8
CVE-2017-17417 EXPLOITDB CRITICAL text
Quest NetVault Backup 11.3.0.12 - SQL Injection
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4228.
by Chris Anastasio
CVSS 9.8
CVE-2019-6215 EXPLOITDB HIGH javascript
Apple Safari < 12.0.3 - Type Confusion
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
By Source
All 49,989 Writeup 59,833 Exploitdb 49,989 Nomisec 21,502 Metasploit 3,218 Github 2,537 Vulncheck_xdb 904 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,330 python 5,921 ruby 5,907 c 3,563 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 90 go 53 postscript 25 xml 24