Tenable

10 exploits Active since Apr 2009
CVE-2019-3929 NOMISEC CRITICAL WORKING POC
Crestron Am-100 Firmware < 2.4.1.19 - OS Command Injection
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
4 stars
CVSS 9.8
CVE-2009-1285 METASPLOIT ruby WORKING POC
Phpmyadmin - Code Injection
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.
CVE-2023-6329 METASPLOIT CRITICAL ruby WORKING POC
Control iD iDSecure Authentication Bypass (CVE-2023-6329)
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.
CVSS 9.8
CVE-2024-5276 METASPLOIT CRITICAL ruby WORKING POC
Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data.  Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.
CVSS 9.8
CVE-2023-2915 METASPLOIT HIGH ruby WORKING POC
ThinManager Path Traversal (CVE-2023-2915) Arbitrary File Delete
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition.
CVSS 7.5
CVE-2023-27855 METASPLOIT CRITICAL ruby WORKING POC
ThinManager Path Traversal (CVE-2023-27855) Arbitrary File Upload
In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.
CVSS 9.8
CVE-2023-2917 METASPLOIT CRITICAL ruby WORKING POC
ThinManager Path Traversal (CVE-2023-2917) Arbitrary File Upload
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability.  Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed.  A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.
CVSS 9.8
CVE-2023-27856 METASPLOIT HIGH ruby WORKING POC
ThinManager Path Traversal (CVE-2023-27856) Arbitrary File Download
In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.
CVSS 7.5
CVE-2025-2264 METASPLOIT HIGH ruby WORKING POC
Sante PACS Server Path Traversal (CVE-2025-2264)
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
CVSS 7.5
CVE-2024-4548 METASPLOIT CRITICAL ruby WORKING POC
DIAEnergie SQL Injection (CVE-2024-4548)
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
CVSS 9.8