0v3rride

3 exploits Active since Mar 2019
CVE-2019-7751 EXPLOITDB HIGH python WORKING POC
Ricoh MarcomCentral - Path Traversal
A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution.
CVSS 7.5
CVE-2019-8385 EXPLOITDB CRITICAL python SCANNER
Thomsonreuters Concourse Matter Room < 2.13.0098 - Path Traversal
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution.
CVSS 9.8
CVE-2019-6716 EXPLOITDB CRITICAL text WRITEUP
Nervepoint Access Manager 2013-2017 - Unauthenticated IDOR via runJob.html jobId
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request.
CVSS 9.4