Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2020-37018 EXPLOITDB MEDIUM text
GOautodial 4.0 - Authenticated Stored Cross-Site Scripting via Message Subject
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing session cookies or executing client-side attacks.
by Balzabu
CVSS 6.4
CVE-2020-37001 EXPLOITDB HIGH python
Frigate Professional 3.36.0.9 - Buffer Overflow
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler (SEH) and uses an egghunter technique to execute a reverse shell payload.
by MasterVlad
CVSS 8.4
CVE-2020-37000 EXPLOITDB CRITICAL python
Free MP3 CD Ripper 2.8 - Remote Code Execution via Malicious WAV File
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with an oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, SEH bypass, and egghunter technique to achieve remote code execution on vulnerable Windows systems.
by Eduard Palisek
CVSS 9.8
CVE-2020-36999 EXPLOITDB HIGH text
Elaniin CMS 1.0 - Unauthenticated Authentication Bypass and SQL Injection via Login Page
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting unauthorized access to the system.
by BKpatron
CVSS 8.2
CVE-2020-23829 EXPLOITDB HIGH text
LibreHealth EHR <2.0.0 - Authenticated RCE
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
by boku
CVSS 8.8
CVE-2020-23828 EXPLOITDB CRITICAL python
SourceCodester Online Course Registration v1.0 - RCE
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo.
by boku
CVSS 9.8
CVE-2020-36901 EXPLOITDB HIGH text
UBICOD Medivision Digital Signage 1.5.1 - CSRF
UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add a new admin user with elevated privileges.
by LiquidWorm
CVSS 8.8
CVE-2020-36880 EXPLOITDB HIGH python
Flexsense DiskBoss 7.7.14 - Buffer Overflow
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system.
by MasterVlad
CVSS 7.8
EIP-2026-115020 EXPLOITDB python
Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
by Felipe Winsnes
CVE-2020-8163 EXPLOITDB HIGH ruby
Rails < 5.0.1 - Remote Code Execution via Render Locals Argument
There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform an RCE.
by Lucas Amorim
CVSS 8.8
CVE-2019-19985 EXPLOITDB MEDIUM text
Email Subscribers & Newsletters < 4.2.3 - Unauthenticated File Download and User Information Disclosure
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
by KBA@SOGETI_ESEC
CVSS 5.3
CVE-2019-20361 EXPLOITDB CRITICAL bash
Email Subscribers & Newsletters < 4.3.1 - SQL Injection via Hash Parameter
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
by KBA@SOGETI_ESEC
CVSS 9.8
EIP-2026-113374 EXPLOITDB text
Webtareas 2.1p - Arbitrary File Upload (Authenticated)
by AppleBois
EIP-2026-113111 EXPLOITDB text
Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting
by Peter Blue
CVE-2019-16667 EXPLOITDB HIGH text
pfSense 2.4.4-p3 - Cross-Site Request Forgery via diag_command.php
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing.
by ghost_fh
CVSS 8.8
EIP-2026-110465 EXPLOITDB text
PandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting
by Emre ÖVÜNÇ
CVE-2020-11749 EXPLOITDB CRITICAL text
Pandora FMS 7.0_ng-746 - Stored Cross-Site Scripting in SNMP Device Scan View
Pandora FMS 7.0 NG <= 746 suffers from multiple XSS vulnerabilities in different browser views. A network administrator scanning an SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.
by AppleBois
CVSS 9.0
EIP-2026-104442 EXPLOITDB text
Socket.io-file 2.0.31 - Arbitrary File Upload
by Cr0wTom
CVE-2020-15492 EXPLOITDB CRITICAL go
INNEO Startup TOOLS 12.0.66.3784-13.0.70.3804 - Unauthenticated Path Traversal via sut_srv.exe Web Application
An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe web application (served on TCP port 85) includes user input into a filesystem access without any further validation. This might allow an unauthenticated attacker to read files on the server via Directory Traversal, or possibly have unspecified other impact.
by Patrick Hener
CVSS 9.8
CVE-2019-16113 EXPLOITDB HIGH text
Bludit 3.9.2 - Remote Code Execution via Image Upload Path Traversal
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
by James Green
CVSS 8.8
CVE-2020-15050 EXPLOITDB HIGH text
Suprema BioStar 2 <2.8.2 - Path Traversal
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
by SITE Team
CVSS 7.5
CVE-2016-9488 EXPLOITDB CRITICAL python
ManageEngine Applications Manager 12-13 < 13200 - Unauthenticated SQL Injection via MenuHandlerServlet
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.
by aldorm
CVSS 9.8
CVE-2020-5902 EXPLOITDB CRITICAL python
BIG-IP 11.6.1-11.6.5.1 - Remote Code Execution via TMUI Undisclosed Pages
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
by Carlos E. Vieira
CVSS 9.8
CVE-2020-37029 EXPLOITDB HIGH python
FTPDummy 4.80 - Local Buffer Overflow via Preference File Handling
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system commands.
by Felipe Winsnes
CVSS 8.4
CVE-2020-37005 EXPLOITDB HIGH python
TimeClock Software 1.01 - Authenticated SQL Injection
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add_entry.php endpoint to determine user existence by measuring response time differences.
by François Bibeau
CVSS 7.1