Exploitdb Exploits

50,091 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-111805 EXPLOITDB text
Roxy Fileman 1.4.5 - Arbitrary File Download
by Ihsan Sencan
EIP-2026-106545 EXPLOITDB text
doorGets CMS 7.0 - Arbitrary File Download
by Ihsan Sencan
CVE-2018-9206 EXPLOITDB CRITICAL python
Blueimp jQuery-File-Upload <=9.22.0 - File Upload
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
by Larry W. Cashdollar
CVSS 9.8
CVE-2018-4442 EXPLOITDB HIGH javascript VERIFIED
Safari < 12.0.2 - Memory Corruption
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
by Google Security Research
CVSS 8.8
EIP-2026-103502 EXPLOITDB html
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
by Bogdan Kurinnoy
CVE-2015-8612 EXPLOITDB HIGH ruby VERIFIED
Blueman <2.0.3 - Privilege Escalation
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument.
by Metasploit
CVSS 8.4
CVE-2019-6444 EXPLOITDB CRITICAL python VERIFIED
ntpsec < 1.1.3 - Stack-based Buffer Over-read via process_control
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.
by Magnus Klaaborg Stubman
CVSS 9.1
CVE-2019-6445 EXPLOITDB MEDIUM python VERIFIED
ntpsec < 1.1.3 - Authenticated Denial of Service via NULL Pointer Dereference in ntp_control.c
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
by Magnus Klaaborg Stubman
CVSS 6.5
CVE-2019-6443 EXPLOITDB CRITICAL python VERIFIED
ntpsec < 1.1.3 - Stack-based Buffer Over-read in ntp_control.c
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
by Magnus Klaaborg Stubman
CVSS 9.1
CVE-2019-6442 EXPLOITDB MEDIUM python VERIFIED
ntpsec < 1.1.3 - Authenticated Out-of-bounds Write via Malformed Config Request
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
by Magnus Klaaborg Stubman
CVSS 6.5
CVE-2019-6275 EXPLOITDB HIGH text
GL.iNet GL-AR300M-Lite Firmware 2.27 - Remote Command Injection via firmware_cgi
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
by Pasquale Turi
CVSS 8.8
CVE-2018-13374 EXPLOITDB MEDIUM python VERIFIED
FortiOS < 6.0.3 and FortiADC 5.4.0-5.4.4 - LDAP Server Credential Exposure via Connectivity Test Request
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
by Julio Ureña
CVSS 4.3
CVE-2019-6441 EXPLOITDB CRITICAL html
Coship RT3050 RT3052 RT7620 WM3300 - Unauthenticated Admin Password Reset via apply.cgi
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
by Adithyan AK
CVSS 9.8
CVE-2019-25580 EXPLOITDB HIGH text
ownDMS 4.7 SQL Injection via pdfstream.php imagestream.php
ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the IMG parameter to extract sensitive database information including version and database names.
by Ihsan Sencan
CVSS 8.2
EIP-2026-117583 EXPLOITDB text VERIFIED
Microsoft Windows VCF - Remote Code Execution
by hyp3rlinx
CVE-2018-13042 EXPLOITDB MEDIUM text
1Password 6.8 for Android - Denial of Service via OpenYolo Activity Export
The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance.
by Valerio Brussani
CVSS 5.9
CVE-2019-25706 EXPLOITDB HIGH text
Across DR-810 ROM-0 Unauthenticated File Disclosure
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.
by SajjadBnd
CVSS 7.5
CVE-2019-25582 EXPLOITDB MEDIUM text
i-doit CMDB 1.12 Arbitrary File Download via file_manager Parameter
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with file_manager=image and supply arbitrary file paths like src/config.inc.php to retrieve configuration files and sensitive system data.
by Ihsan Sencan
CVSS 6.5
CVE-2019-25581 EXPLOITDB HIGH text
i-doit CMDB 1.12 SQL Injection via objGroupID Parameter
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
CVE-2018-17393 EXPLOITDB CRITICAL text VERIFIED
HealthNode Hospital Management System 1.0 - SQL Injection
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17389 EXPLOITDB HIGH text
Live Call Support Application 1.5 - Cross-Site Request Forgery in server.php
CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account.
by Ihsan Sencan
CVSS 8.8
CVE-2018-17388 EXPLOITDB CRITICAL text
Twilio WEB To Fax Machine System 1.0 - SQL Injection
SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.
by Ihsan Sencan
CVSS 9.8
CVE-2018-20841 EXPLOITDB CRITICAL ruby
HooToo TripMate Titan HT-TM05 Firmware 2.000.022 and 2.000.082 - Remote Command Execution via mac Parameter
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.
by Andrei Manole
CVSS 9.8
CVE-2019-25137 EXPLOITDB HIGH python
Umbraco CMS <7.15.10 - Authenticated RCE
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
by Gregory Draperi
CVSS 7.2
CVE-2019-5722 EXPLOITDB CRITICAL text
portier 4.4.4.2-4.4.4.6 - SQL Injection via Login and Key Ring Search Parameters
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the search form for a key ring number.
by SySS GmbH
CVSS 9.8