Exploitdb Exploits
4,724 exploits tracked across all sources.
Microsoft Exchange Server - Improper Input Validation
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
by Charles Truscott
Centreon - Command Injection
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows an attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert an arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute arbitrary system commands).
by Askar
CVSS 8.8
IWT Facesentry Access Control System Firmware - OS Command Injection
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in the pingTest PHP script.
by LiquidWorm
CVSS 8.8
FaceSentry Access Control System <6.4.8 - Privilege Escalation
FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.
by LiquidWorm
CVSS 9.8
Sahipro Sahi Pro - Path Traversal
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion.
by Operat0r
CVSS 7.5
Librenms - OS Command Injection
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
by Askar
CVSS 9.8
SAPIDO RB-1732 V2.0.43 - RCE
SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges.
by k1nm3n.aotoi
CVSS 9.8
Supermicro Superdoctor 5 - Missing Authentication
Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE.
by Simon Gurney
CVSS 9.8
BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal
by Aaron Bishop
GrandNode 4.40 - Path Traversal
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
by Corey Robinson
CVSS 7.5
TuneClone 2.20 Structured Exception Handler Buffer Overflow
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget, then paste it into the license code field to trigger code execution and establish a bind shell.
by Achilles
CVSS 8.4
Weberp - SQL Injection
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
by Semen Alexandrovich Lyhin
CVSS 9.8
BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection
by Aaron Bishop
BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution
by Aaron Bishop
BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution
by Aaron Bishop
Redwoodhq - Missing Authentication
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.
by EthicalHCOP
CVSS 9.8
Aida64 - Out-of-Bounds Write
Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.
by Nipun Jaswal
CVSS 7.8
Photodex Proshow Producer - Out-of-Bounds Write
An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file.
by Yonatan_Correa
CVSS 7.8
Zimbra Collaboration Suite <8.6-8.8 - SSRF
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
by k8gege
CVSS 7.5
DVDXPlayer Pro 5.5 Local Buffer Overflow with SEH
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges.
by Kevin Randall
CVSS 8.4
NUUO NVRmini2 - Buffer Overflow
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.
by @0x00string
CVSS 9.8