Debashis Pal

6 exploits Active since Sep 2019
CVE-2019-25306 EXPLOITDB HIGH text WRITEUP
BlackMoon FTP Server 3.1.2.1731 - Privilege Escalation
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSystem account permissions during service startup.
CVSS 7.8
CVE-2019-16532 EXPLOITDB MEDIUM text WORKING POC
YzmCMS V5.3 - SSRF
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections.
CVSS 6.1
CVE-2019-16330 EXPLOITDB MEDIUM text WORKING POC
NCH Express Accounts Accounting v7.02 - XSS
In NCH Express Accounts Accounting v7.02, persistent cross-site scripting (XSS) exists in the Invoices/Sales Orders/Items/Customers/Quotes input fields. An authenticated unprivileged user can add or modify the Invoices/Sales Orders/Items/Customers/Quotes field parameters to inject arbitrary JavaScript.
CVSS 5.4
CVE-2019-16282 EXPLOITDB MEDIUM text WORKING POC
NCH Express Invoice <7.12 - XSS
In NCH Express Invoice v7.12, persistent cross-site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input fields. An authenticated unprivileged user can add or modify the Invoices/Items/Customers field parameters to inject arbitrary JavaScript.
CVSS 5.4
EIP-2026-118094 EXPLOITDB text WRITEUP
Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path
EIP-2026-117568 EXPLOITDB text WORKING POC
Microsoft Windows FxCop 10/12 - XML External Entity Injection