Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2020-37099 EXPLOITDB HIGH text
Disk Savvy Enterprise 12.3.18 - Code Injection
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious executables and escalate privileges.
by boku
CVSS 7.8
CVE-2020-37098 EXPLOITDB HIGH text
Disk Sorter Enterprise <12.4.16 - Code Injection
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
by boku
CVSS 7.8
CVE-2017-1000475 EXPLOITDB HIGH text
FreeSSHd <1.3.1 - Privilege Escalation
FreeSSHd version 1.3.1 is vulnerable to an unquoted service path issue that allows local users to launch processes with elevated privileges.
by boku
CVSS 7.8
EIP-2026-118016 EXPLOITDB python
Torrent iPod Video Converter 1.51 - Stack Overflow
by boku
EIP-2026-117202 EXPLOITDB text
freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path
by boku
EIP-2026-117080 EXPLOITDB python
DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow
by ZwX
EIP-2026-117079 EXPLOITDB python
DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow
by ZwX
EIP-2026-113831 EXPLOITDB ruby VERIFIED
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)
by Metasploit
CVE-2020-8825 EXPLOITDB MEDIUM text
Vanilla 2.6.3 - Stored Cross-Site Scripting via Branding Settings Page
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
by Sayak Naskar
CVSS 5.4
CVE-2020-7247 EXPLOITDB CRITICAL perl VERIFIED
OpenSMTPD 6.6 - Remote Code Execution via MAIL FROM Field
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
by Marco Ivaldi
CVSS 9.8
CVE-2020-8839 EXPLOITDB MEDIUM text
CHIYU BF-430 Firmware < 1.16.00 - Stored Cross-Site Scripting via TF_submask Field
Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field.
by Luca.Chiou
CVSS 6.1
CVE-2020-37162 EXPLOITDB CRITICAL python
Wedding Slideshow Studio <1.36 - Buffer Overflow
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through the registration key field.
by ZwX
CVSS 9.8
CVE-2019-19363 EXPLOITDB HIGH ruby VERIFIED
Ricoh Printer Drivers - Local Privilege Escalation via Incorrect Permission Assignment
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers to escalate privileges locally. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later; PS Driver for Universal Print - Version 4.0 or later; PC FAX Generic Driver - All versions; Generic PCL5 Driver - All versions; RPCS Driver - All versions; PostScript3 Driver - All versions; PCL6 (PCL XL) Driver - All versions; RPCS Raster Driver - All version
by Metasploit
CVSS 7.8
CVE-2020-7949 EXPLOITDB HIGH text
Dota 2 < 7.23f - Remote Code Execution via Crafted Map in GetValue Call
schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.
by Bogdan Kurinnoy
CVSS 7.8
CVE-2020-7108 EXPLOITDB MEDIUM text
LearnDash 3.0-3.1.2 - Cross-Site Scripting via ld-profile Search Field
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.
by Jinson Varghese Behanan
CVSS 5.4
CVE-2019-6146 EXPLOITDB MEDIUM text
Forcepoint Web Security 8.0.0-8.5.3 - Cross-Site Scripting via Host Header Injection
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
by Prasenjit Kanti Paul
CVSS 6.1
CVE-2020-3837 EXPLOITDB HIGH text VERIFIED
iPadOS < 13.3.1 - Out-of-bounds Write
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
by Google Security Research
CVSS 7.8
CVE-2019-20215 EXPLOITDB CRITICAL ruby VERIFIED
D-Link DIR-859 1.05 and 1.06B01 - Unauthenticated OS Command Injection via M-SEARCH Method
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters.
by Metasploit
CVSS 9.8
CVE-2020-7247 EXPLOITDB CRITICAL ruby VERIFIED
OpenSMTPD 6.6 - Remote Code Execution via MAIL FROM Field
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
by Metasploit
CVSS 9.8
EIP-2026-102755 EXPLOITDB python VERIFIED
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
by Google Security Research
CVE-2020-37163 EXPLOITDB HIGH text
QuickDate 1.3.2 - SQL Injection via _located Parameter
QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name, and system version.
by Ihsan Sencan
CVSS 8.2
EIP-2026-119674 EXPLOITDB text
ExpertGPS 6.38 - XML External Entity Injection
by Trent Gordon
CVE-2018-11479 EXPLOITDB HIGH ruby VERIFIED
Windscribe 1.81 - Unauthenticated Privilege Escalation via Named Pipe Command Injection
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.
by Metasploit
CVSS 7.8
EIP-2026-113050 EXPLOITDB text
VehicleWorkshop 1.0 - 'bookingid' SQL Injection
by Mehran Feizi
EIP-2026-110442 EXPLOITDB text
PackWeb Formap E-learning 1.0 - 'NumCours' SQL Injection
by Amel BOUZIANE-LEBLOND