1F98D

25 exploits Active since Dec 2006
CVE-2020-5752 NOMISEC HIGH WORKING POC
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
4 stars
CVSS 7.8
CVE-2020-7247 NOMISEC CRITICAL WORKING POC
OpenSMTPD 6.6 - Remote Code Execution via MAIL FROM Field
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
4 stars
CVSS 9.8
CVE-2019-7214 NOMISEC CRITICAL WORKING POC
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
3 stars
CVSS 9.8
CVE-2020-7247 NOMISEC CRITICAL WORKING POC
OpenSMTPD 6.6 - Remote Code Execution via MAIL FROM Field
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
2 stars
CVSS 9.8
CVE-2019-7214 NOMISEC CRITICAL WORKING POC
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
1 stars
CVSS 9.8
CVE-2019-7214 NOMISEC CRITICAL WORKING POC
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
1 stars
CVSS 9.8
CVE-2019-7214 NOMISEC CRITICAL WORKING POC
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
CVSS 9.8
CVE-2021-47746 EXPLOITDB HIGH python WORKING POC
NodeBB Plugin Emoji 3.2.1 - Path Traversal
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter.
CVSS 7.5
CVE-2022-24706 METASPLOIT CRITICAL ruby WORKING POC
Apache Couchdb Erlang RCE
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
CVSS 9.8
CVE-2019-7214 METASPLOIT CRITICAL ruby WORKING POC
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
CVSS 9.8
CVE-2019-7214 EXPLOITDB CRITICAL python WORKING POC
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
CVSS 9.8
EIP-2026-118587 EXPLOITDB text WORKING POC
FreeSWITCH 1.10.1 - Command Execution
CVE-2019-16116 EXPLOITDB MEDIUM python WORKING POC
EnterpriseDT CompleteFTP Server <12.1.3 - Info Disclosure
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.
CVSS 4.3
CVE-2006-6576 EXPLOITDB python WORKING POC
Golden FTP Server <1.92 - Buffer Overflow
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector is already covered by CVE-2005-0634.
EIP-2026-117716 EXPLOITDB text WRITEUP
Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
CVE-2018-16156 EXPLOITDB HIGH powershell WORKING POC
PaperStream IP (TWAIN) 1.42.0.5685 - Unauthenticated Local Privilege Escalation via Untrusted Search Path
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege.
CVSS 7.8
CVE-2020-5752 EXPLOITDB HIGH powershell WORKING POC
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVSS 7.8
EIP-2026-112578 EXPLOITDB python WORKING POC
TeamCity Agent XML-RPC 10.0 - Remote Code Execution
CVE-2019-11229 EXPLOITDB HIGH python WORKING POC
Gitea < 1.7.6 and 1.8.x < 1.8-RC3 - Remote Code Execution via Mirror Repository URL Mishandling
models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.
CVSS 8.8
EIP-2026-104057 EXPLOITDB text WORKING POC
Qmail SMTP 1.03 - Bash Environment Variable Injection
EIP-2026-103900 EXPLOITDB python WORKING POC
Erlang Cookie - Remote Code Execution
EIP-2026-103186 EXPLOITDB python WORKING POC
Pachev FTP Server 1.0 - Path Traversal
CVE-2020-7247 EXPLOITDB CRITICAL python WORKING POC
OpenSMTPD 6.6 - Remote Code Execution via MAIL FROM Field
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVSS 9.8
CVE-2020-10199 EXPLOITDB HIGH python WORKING POC
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CVSS 8.8
EIP-2026-102335 EXPLOITDB text WORKING POC
H2 Database 1.4.199 - JNI Code Execution