Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-9082 EXPLOITDB HIGH text
ThinkPHP < 3.2.4 - Remote Code Execution via Public Endpoint
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
by Yang Chenglong
CVSS 8.8
EIP-2026-113624 EXPLOITDB text
WordPress Plugin Cerber Security_ Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities
by ed0x21son
EIP-2026-110214 EXPLOITDB text
OOP CMS BLOG 1.0 - Multiple SQL Injection
by Mr Winst0n
EIP-2026-110213 EXPLOITDB text
OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery
by Mr Winst0n
CVE-2019-9194 EXPLOITDB CRITICAL python VERIFIED
elFinder < 2.1.48 - OS Command Injection in PHP Connector
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
by q3rv0
CVSS 9.8
CVE-2019-9554 EXPLOITDB MEDIUM text
Craft CMS 3.1.12 Pro - Stored Cross-Site Scripting in Header Insertion Field
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.
by Ismail Tasdelen
CVSS 6.1
CVE-2019-9581 EXPLOITDB HIGH ruby
phpscheduleit Booked Scheduler <2.7.5 - RCE
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.
by AkkuS
CVSS 8.8
CVE-2019-9553 EXPLOITDB MEDIUM text
Bolt 3.6.4 - Cross-Site Scripting via Slug, Teaser, or Title Parameter
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.
by Ismail Tasdelen
CVSS 6.1
CVE-2019-7385 EXPLOITDB HIGH text
Raisecom ISCOM HT803G-U/-W/-1GE/GPON <2.0.0_140521_R4.1.47.002 - Co...
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below, The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device.
by JameelNabbo
CVSS 7.8
CVE-2019-9556 EXPLOITDB MEDIUM text
FiberHome AN5506-04-F RP2669 - Cross-Site Scripting
FiberHome an5506-04-f RP2669 devices have XSS.
by Tauco
CVSS 5.4
CVE-2019-8942 EXPLOITDB HIGH javascript
WordPress < 4.9.9 and 5.x < 5.0.1 - Authenticated Remote Code Execution via Image Metadata
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
by allyshka
CVSS 8.8
CVE-2019-1674 EXPLOITDB HIGH text
Cisco Webex Meetings < 33.6.6 Authenticated OS Command Injection via Update Service
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools. This vulnerability is fixed in Cisco Webex Meetings Desktop App Release 33.6.6 and 33.9.1 releases. This vulnerability is fixed in Cisco Webex Productivity Tools Release 33.0.7.
by SecureAuth
CVSS 7.8
CVE-2019-8943 EXPLOITDB MEDIUM javascript
WordPress <= 5.0.3 - Authenticated Path Traversal via Image Crop Filename
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
by allyshka
CVSS 6.5
EIP-2026-103678 EXPLOITDB text VERIFIED
tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads
by Google Security Research
EIP-2026-103499 EXPLOITDB text VERIFIED
Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost
by Google Security Research
EIP-2026-103498 EXPLOITDB text VERIFIED
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
by Google Security Research
EIP-2026-103497 EXPLOITDB text VERIFIED
Google Chrome < M72 - PaymentRequest Service Use-After-Free
by Google Security Research
EIP-2026-103496 EXPLOITDB text VERIFIED
Google Chrome < M72 - FileWriterImpl Use-After-Free
by Google Security Research
EIP-2026-103366 EXPLOITDB text VERIFIED
macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image
by Google Security Research
CVE-2019-9162 EXPLOITDB HIGH text VERIFIED
Linux Kernel 4.19-4.19.24 - Out-of-bounds Write in SNMP NAT Module
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.
by Google Security Research
CVSS 7.8
CVE-2019-25566 EXPLOITDB MEDIUM python
TransMac 12.3 Denial of Service via Volume Name Field
TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a malicious file with 1000 repeated characters, paste the content into the volume name field during disk image creation, and trigger an application crash.
by Alejandra Sánchez
CVSS 6.2
EIP-2026-112124 EXPLOITDB text
Simple Online Hotel Reservation System - SQL Injection
by Mr Winst0n
EIP-2026-112123 EXPLOITDB html
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
by Mr Winst0n
EIP-2026-112122 EXPLOITDB html
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
by Mr Winst0n
CVE-2019-9184 EXPLOITDB CRITICAL text VERIFIED
J2Store 3.3.0-3.3.6 - SQL Injection via product_option[] Parameter
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter.
by Andrei Conache
CVSS 9.8