Exploitdb Exploits

50,083 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-9623 EXPLOITDB CRITICAL ruby
Feng Office 3.7.0.5 - Unauthenticated Remote Code Execution via .shtml File Upload
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.
by AkkuS
CVSS 9.8
EIP-2026-103330 EXPLOITDB ruby
Usermin 1.750 - Remote Command Execution (Metasploit)
by AkkuS
CVE-2019-8375 EXPLOITDB CRITICAL text
WebKitGTK < 2.23.90 and WebKitGTK+ < 2.22.6 - Buffer Overflow via Script Dialog Size Manipulation
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
by Dhiraj Mishra
CVSS 9.8
CVE-2019-3921 EXPLOITDB HIGH python
Nokia I-240W-Q GPON ONT Firmware 3FE54567BOZJ19 - Authenticated Stack-based Buffer Overflow via HTTP POST Request
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially execute arbitrary code.
by Artem Metla
CVSS 8.8
CVE-2019-9600 EXPLOITDB HIGH python
The Olive Tree FTP Server < 1.32 - Denial of Service via Connection Flood
The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets.
by s4vitar
CVSS 7.5
CVE-2019-6977 EXPLOITDB HIGH php
GD Graphics Library <2.2.5 - Buffer Overflow
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
by cfreal
CVSS 8.8
CVE-2019-25681 EXPLOITDB HIGH python
Xlight FTP Server 3.9.1 SEH Overwrite Buffer Overflow
Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual server configuration to trigger a buffer overflow that corrupts the SEH chain and enables potential code execution.
by Logan Whitmire
CVSS 8.4
CVE-2019-25680 EXPLOITDB HIGH text
Advance Gift Shop Pro Script 2.0.3 SQL Injection via search
Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract sensitive database information including version details and other data.
by Mr Winst0n
CVSS 8.2
CVE-2019-25668 EXPLOITDB HIGH text
News Website Script 2.0.5 SQL Injection via index.php
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive database information.
by Mr Winst0n
CVSS 8.2
CVE-2018-1999002 EXPLOITDB HIGH python
Jenkins <2.132, <2.121.1 - Info Disclosure
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.
by wetw0rk
CVSS 7.5
CVE-2019-9041 EXPLOITDB HIGH text
ZZZCMS zzzphp 1.6.1 - Remote Code Execution via Template Parser If Label
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.
by Yang Chenglong
CVSS 7.2
EIP-2026-110691 EXPLOITDB text
PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection
by Mr Winst0n
CVE-2019-6340 EXPLOITDB HIGH python
Drupal 7.0.0-7.61.0 8.5.0-8.5.10 8.6.0-8.6.9 - Remote Code Execution via Unsanitized Field Data
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
by leonjza
CVSS 8.1
CVE-2019-1003000 EXPLOITDB HIGH python
Jenkins Script Security Plugin < 1.50 - Sandbox Bypass Remote Code Execution
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
by wetw0rk
CVSS 8.8
CVE-2019-6340 EXPLOITDB HIGH text
Drupal 7.0.0-7.61.0 8.5.0-8.5.10 8.6.0-8.6.9 - Remote Code Execution via Unsanitized Field Data
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
by Charles Fol
CVSS 8.1
CVE-2019-3474 EXPLOITDB MEDIUM text VERIFIED
Micro Focus Filr 3.x - Authenticated Path Traversal and Arbitrary File Read
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
by SecureAuth
CVSS 6.5
CVE-2018-18982 EXPLOITDB HIGH ruby VERIFIED
NUUO CMS < 3.3 - SQL Injection
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
by Metasploit
CVSS 8.8
CVE-2018-20250 EXPLOITDB HIGH python VERIFIED
WinRAR <= 5.61 - Path Traversal and Remote Code Execution via ACE Filename Field
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
by WyAtu
CVSS 7.8
CVE-2017-17417 EXPLOITDB CRITICAL text
Quest NetVault Backup 11.3.0.12 - SQL Injection
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4228.
by Chris Anastasio
CVSS 9.8
CVE-2019-6215 EXPLOITDB HIGH javascript
Safari < 12.0.3 - Remote Code Execution via Type Confusion
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2019-3475 EXPLOITDB HIGH text VERIFIED
Micro Focus Filr 3.x < Security Update 6 - Authenticated Local Privilege Escalation via famtd Component
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
by SecureAuth
CVSS 7.8
CVE-2018-20220 EXPLOITDB HIGH text
Teracue ENC-400 <2.56 - Info Disclosure
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.
by Stephen Shkardoon
CVSS 7.5
CVE-2019-25732 EXPLOITDB HIGH text VERIFIED
PHP EI-Tube Script 3 SQL Injection via search parameter
PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to extract sensitive database information including usernames, passwords, and version details.
by Meisam Monsef
CVSS 8.2
CVE-2019-25679 EXPLOITDB HIGH python
RealTerm Serial Terminal 2.0.0.70 Buffer Overflow SEH
RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.
by Matteo Malvica
CVSS 7.8
CVE-2019-25678 EXPLOITDB HIGH text
C4G BLIS 3.4 SQL Injection via users_select.php
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users_select.php endpoint with crafted SQL payloads to extract sensitive database information including patient records and system credentials.
by Carlos Avila
CVSS 8.2