Exploitdb Exploits

49,989 exploits tracked across all sources.

Sort: Activity Stars

CVE-2019-5736 EXPLOITDB HIGH

Docker Container Escape Via runC Overwrite

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

by feexd

CVSS 8.6

View

CVE-2019-6714 EXPLOITDB CRITICAL VERIFIED

Blogengine.net < 3.3.6.0 - Path Traversal

An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user.

by Dustin Cobb

CVSS 9.8

View

CVE-2018-19524 EXPLOITDB CRITICAL python

Shenzhen Skyworth DT741 - DoS/Remote Code Execution

An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.

by Kaustubh G. Padwad

CVSS 9.8

View

CVE-2019-2000 EXPLOITDB HIGH text VERIFIED

Android - Memory Corruption

In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025789.

by Google Security Research

CVSS 7.8

View

CVE-2019-1999 EXPLOITDB HIGH text VERIFIED

Google Android - Double Free

In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.

by Google Security Research

CVSS 7.8

View

CVE-2019-25671 EXPLOITDB HIGH python

VA MAX 8.3.4 Remote Code Execution via changeip.php

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtu_eth0 field to execute commands as the apache user.

by Cody Sixteen

CVSS 8.8

View

CVE-2019-25670 EXPLOITDB HIGH python

River Past Video Cleaner 7.6.3 Buffer Overflow via SEH

River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll field. Attackers can craft a payload with 280 bytes of padding, a next structured exception handler override, and shellcode to trigger code execution when the application processes the input.

by crash_manucoot

CVSS 8.4

View

CVE-2019-25650 EXPLOITDB HIGH python

River Past CamDo 3.7.6 Structured Exception Handler Buffer Overflow

River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SEH handler address pointing to a pop-pop-ret gadget to trigger code execution and establish a bind shell on port 3110.

by Achilles

CVSS 8.4

View

CVE-2019-25572 EXPLOITDB MEDIUM python

NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash.

by Alejandra Sánchez

CVSS 6.2

View

CVE-2019-25396 EXPLOITDB MEDIUM text

IPFire 2.21 Core Update 127 - XSS

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAX_DISK_USAGE or MAX_DOWNLOAD_RATE parameters to execute arbitrary JavaScript in users' browsers.

by Ozer Goker

CVSS 6.1

View

CVE-2019-25400 EXPLOITDB MEDIUM text

IPFire 2.21 Core Update 127 - XSS

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the fwhosts.cgi script that allow attackers to inject malicious scripts through multiple parameters including HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newhost, grp_name, remark, SRV_NAME, SRV_PORT, SRVGRP_NAME, SRVGRP_REMARK, and updatesrvgrp. Attackers can submit POST requests with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated users' browsers.

by Ozer Goker

CVSS 5.4

View

CVE-2019-25399 EXPLOITDB MEDIUM text

IPFire 2.21 Core Update 127 - XSS

IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated administrator sessions.

by Ozer Goker

CVSS 6.4

View

CVE-2019-25398 EXPLOITDB MEDIUM text

IPFire 2.21 Core Update 127 - XSS

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPN_IP, DMTU, ccdname, ccdsubnet, DOVPN_SUBNET, DHCP_DOMAIN, DHCP_DNS, DHCP_WINS, ROUTES_PUSH, FRAGMENT, KEEPALIVE_1, and KEEPALIVE_2 to execute arbitrary JavaScript in administrator browsers.

by Ozer Goker

CVSS 6.1

View

CVE-2019-25397 EXPLOITDB MEDIUM text

IPFire 2.21 Core Update 127 - XSS

IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the KEY1, IP, HOST, or DOM parameters to execute arbitrary JavaScript in users' browsers.

by Ozer Goker

CVSS 6.1

View

CVE-2019-6543 EXPLOITDB CRITICAL python

Aveva Indusoft Web Studio - Missing Authentication

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine.

by Jacob Baines

CVSS 9.8

View

CVE-2019-25395 EXPLOITDB HIGH text