Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-15921 EXPLOITDB CRITICAL python
Mida eFramework < 2.9.0 - Unauthenticated Backdoor Access and Code Execution
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.
by elbae
CVSS 9.8
CVE-2019-15715 EXPLOITDB HIGH python
MantisBT < 1.3.20 - Authenticated Remote Code Execution via Command Injection
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
by Nikolas Geiselman
CVSS 7.2
CVE-2020-11804 EXPLOITDB HIGH python
SpamTitan 7.07 - Authenticated Code Injection via mailqueue.php quid Parameter
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.
by Felipe Molina
CVSS 8.8
CVE-2020-0618 EXPLOITDB HIGH python
Microsoft SQL Server Reporting Services - Remote Code Execution via ViewState Deserialization
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
by West Shepherd
CVSS 8.8
EIP-2026-118117 EXPLOITDB text
Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software
by hyp3rlinx
CVE-2020-9467 EXPLOITDB MEDIUM text
Piwigo 2.10.1 - Stored Cross-Site Scripting via pwg.images.setInfo File Parameter
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
by Iridium
CVSS 5.4
CVE-2020-25540 EXPLOITDB HIGH text
ThinkAdmin v6 - Unauthenticated Path Traversal via GET Request Encode Parameter
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.
by Hzllaga
CVSS 7.5
CVE-2020-23835 EXPLOITDB MEDIUM text
SourceCodester Tailor Management System v1.0 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.
by boku
CVSS 6.4
CVE-2020-25751 EXPLOITDB HIGH text
pago_commerce 2.5.9.0 - Authenticated SQL Injection via filter_published Parameter
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.
by Mehmet Kelepçe
CVSS 8.8
EIP-2026-117832 EXPLOITDB text
Rapid7 Nexpose Installer 6.6.39 - 'nexposeengine' Unquoted Service Path
by LiquidWorm
EIP-2026-117756 EXPLOITDB text
Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path
by Jok3r
CVE-2020-13259 EXPLOITDB HIGH text
RAD SecFlow-1v os-image SF_0290_2.3.01.26 - CSRF
A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260.
by Jonatan Schor
CVSS 8.8
CVE-2020-13260 EXPLOITDB MEDIUM text
RAD SecFlow-1v Firmware - Authenticated Stored Cross-Site Scripting via OVPN File Upload
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259.
by Jonatan Schor
CVSS 6.1
CVE-2020-37012 EXPLOITDB CRITICAL text
Tea LaTeX 1.0 - Unauthenticated Remote Code Execution via /api.php tex2png Action
Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API action.
by nepska
CVSS 9.8
CVE-2020-37011 EXPLOITDB HIGH python
Gnome Fonts Viewer 3.34.0 - Memory Corruption
Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to exhaust memory through repeated malloc() calls and potentially crash the gnome-font-viewer process.
by Cody Winkler
CVSS 7.5
CVE-2020-10229 EXPLOITDB HIGH python
vtenext 19 CE - Cross-Site Request Forgery
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
by Marco Ruela
CVSS 8.8
CVE-2020-10228 EXPLOITDB HIGH python
vtenext 19 CE - Authenticated Remote Code Execution via .pht File Upload
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
by Marco Ruela
CVSS 8.8
CVE-2020-10227 EXPLOITDB MEDIUM python
vtenext 19 CE - Stored Cross-Site Scripting via Email From Field
A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email.
by Marco Ruela
CVSS 6.1
CVE-2019-11447 EXPLOITDB HIGH python VERIFIED
CutePHP CuteNews 2.1.2 - Code Injection
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
by Musyoka Ian
CVSS 8.8
CVE-2020-6862 EXPLOITDB MEDIUM bash
ZTE F6x2W Firmware V6.0.10P2T2 and V6.0.10P2T5 - Unauthenticated Information Disclosure via CAPTCHA Bypass
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.
by Hritik Vijay
CVSS 5.3
EIP-2026-102049 EXPLOITDB python
Tiandy IPC and NVR 9.12.7 - Credential Disclosure
by zb3
CVE-2020-37013 EXPLOITDB HIGH python
Audio Playback Recorder 3.2.2 - Buffer Overflow
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) to execute shellcode when pasting specially crafted input into the application's input fields.
by Felipe Winsnes
CVSS 8.4
CVE-2020-36990 EXPLOITDB HIGH text
Input Director 1.4.3 - Privilege Escalation
Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.
by TOUHAMI Kasbaoui
CVSS 7.8
EIP-2026-112550 EXPLOITDB text
Tailor Management System - 'id' SQL Injection
by Mosaaed
EIP-2026-102420 EXPLOITDB text
Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery (change admin password)
by V1n1v131r4