Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-6973 EXPLOITDB HIGH bash
gSOAP 2.8.x - Denial of Service via Incomplete HTTP Requests
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.
by Andrew Watson
CVSS 7.5
CVE-2019-25574 EXPLOITDB MEDIUM text
Green CMS 2.x Path Traversal Arbitrary File Download
Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-encoded file paths to the downfile action to retrieve sensitive files outside intended directories.
by Ihsan Sencan
CVSS 6.5
CVE-2019-25573 EXPLOITDB HIGH text
Green CMS 2.x SQL Injection via cat Parameter
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat parameter to manipulate database queries and extract sensitive information.
by Ihsan Sencan
CVSS 7.1
CVE-2019-6780 EXPLOITDB MEDIUM text
Wise Chat < 2.7 - Open Redirect via External Link Handling
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
by MTK
CVSS 6.1
CVE-2019-6706 EXPLOITDB HIGH text
Lua 5.3.5 - Use-After-Free in lua_upvaluejoin
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
by Fady Mohammed Osman
CVSS 7.5
CVE-2019-6225 EXPLOITDB HIGH c VERIFIED
iPhone OS < 12.1.3 - Memory Corruption via Improved Validation
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.
by Google Security Research
CVSS 7.8
CVE-2019-1652 EXPLOITDB HIGH text VERIFIED
Cisco RV320 and RV325 Firmware 1.4.2.15-1.4.2.21 - Authenticated Remote Code Execution via HTTP POST Request
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.
by RedTeam Pentesting
CVSS 7.2
CVE-2019-25749 EXPLOITDB HIGH text
Joomla J-CruisePortal 6.0.4 SQL Injection via cruises
Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guest_adult parameter. Attackers can send POST requests to the cruises endpoint with crafted SQL payloads in the guest_adult parameter to extract sensitive database information or manipulate database records.
by Ihsan Sencan
CVSS 7.1
CVE-2019-25748 EXPLOITDB HIGH text
Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels
Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL payloads in the rooms parameter to extract sensitive database information including version details.
by Ihsan Sencan
CVSS 8.2
CVE-2019-25703 EXPLOITDB HIGH text
ImpressCMS 1.3.11 SQL Injection via bid Parameter
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL commands to extract sensitive database information.
by Mehmet Onder
CVSS 7.1
CVE-2019-25575 EXPLOITDB HIGH text
SimplePress CMS 1.0.7 SQL Injection via p and s Parameters
SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
EIP-2026-119437 EXPLOITDB python
Splunk Enterprise 7.2.3 - (Authenticated) Custom App Remote Code Execution
by Lee Mazzoleni
EIP-2026-103368 EXPLOITDB python VERIFIED
Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)
by Saeed Hasanzadeh
CVE-2019-6116 EXPLOITDB HIGH text VERIFIED
Artifex Ghostscript < 9.26 - Remote Code Execution via Ephemeral Procedure System Operator Access
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
by Google Security Research
CVSS 7.8
EIP-2026-102772 EXPLOITDB ruby VERIFIED
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)
by Metasploit
EIP-2026-102771 EXPLOITDB ruby VERIFIED
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)
by Metasploit
CVE-2019-6710 EXPLOITDB HIGH html
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 - Cross-Site Request Forgery via login.cgi
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
by Ali Can Gönüllü
CVSS 8.8
CVE-2018-20503 EXPLOITDB MEDIUM text
Allied Telesis 8100L/8 Firmware - Stored Cross-Site Scripting via IPv4 Interface Editor
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.
by AkkuS
CVSS 6.1
CVE-2019-25759 EXPLOITDB HIGH text
Joomla! Component vBizz 1.0.7 SQL Injection
Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array values containing SQL commands to extract sensitive database information including version and database names.
by Ihsan Sencan
CVSS 7.1
CVE-2019-25758 EXPLOITDB HIGH text
Joomla! Component vBizz 1.0.7 Remote Code Execution
Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and execute them from the uploads directory to achieve remote code execution.
by Ihsan Sencan
CVSS 8.8
CVE-2019-25757 EXPLOITDB HIGH text
Joomla vWishlist 1.0.1 SQL Injection via vproductid Parameter
Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these parameters to extract sensitive database information including version and database names.
by Ihsan Sencan
CVSS 7.1
CVE-2019-25756 EXPLOITDB HIGH text
Joomla! Component vAccount 2.0.2 SQL Injection via vaccount-dashboard
Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloads in the vid parameter to extract sensitive database information including version and database names.
by Ihsan Sencan
CVSS 8.2
CVE-2019-25755 EXPLOITDB HIGH text
Joomla vReview 1.9.11 SQL Injection via editReview
Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION statements in the cmId parameter to extract database information including usernames, passwords, and database versions.
by Ihsan Sencan
CVSS 8.2
CVE-2019-25754 EXPLOITDB HIGH text
Joomla vRestaurant 1.9.4 SQL Injection via menu-listing-layout
Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch parameter. Attackers can send POST requests to the menu-listing-layout endpoint with crafted SQL payloads in the keysearch parameter to extract database table names and sensitive information from the database.
by Ihsan Sencan
CVSS 8.2
CVE-2019-25753 EXPLOITDB HIGH text
Joomla! Component VMap 1.9.6 SQL Injection via loadmarker
Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. Attackers can send GET requests to index.php with the option=com_vmap&task=loadmarker parameters containing SQL injection payloads to manipulate database queries and extract sensitive information.
by Ihsan Sencan
CVSS 8.2