Exploitdb Exploits

49,983 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-20354 EXPLOITDB MEDIUM text VERIFIED
Pisignage < 2.6.4 - Path Traversal
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.
by JunYeong Ko
CVSS 4.3
CVE-2020-5183 EXPLOITDB HIGH text
Ftpgetter - Out-of-Bounds Write
FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference.
by FULLSHADE
CVSS 7.5
CVE-2020-37214 EXPLOITDB HIGH text
Voyager 1.3.0 - Path Traversal
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files.
by NgoAnhDuc
CVSS 7.5
CVE-2020-37213 EXPLOITDB HIGH python VERIFIED
TextCrawler Pro 3.1.1 - DoS
TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash.
by stresser
CVSS 7.5
CVE-2020-37212 EXPLOITDB HIGH python VERIFIED
SpotMSN 2.4.6 - DoS
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37211 EXPLOITDB HIGH python VERIFIED
SpotIM 2.2 - DoS
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37210 EXPLOITDB HIGH python VERIFIED
SpotIE 2.9.5 - DoS
SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37209 EXPLOITDB HIGH python VERIFIED
SpotFTP 3.0.0.0 - DoS
SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37208 EXPLOITDB HIGH python
SpotFTP 3.0.0.0 - Buffer Overflow
SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37206 EXPLOITDB HIGH python VERIFIED
ShareAlarmPro - DoS
ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37205 EXPLOITDB HIGH python VERIFIED
RemShutdown 2.9.0.0 - DoS
RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37204 EXPLOITDB HIGH python VERIFIED
RemShutdown 2.9.0.0 - DoS
RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37203 EXPLOITDB HIGH python
Office Product Key Finder <1.5.4 - DoS
Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an application crash.
by Gokkulraj
CVSS 7.5
CVE-2020-37202 EXPLOITDB HIGH python VERIFIED
NetworkSleuth 3.0.0.0 - DoS
NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37201 EXPLOITDB HIGH python VERIFIED
NetShareWatcher 1.5.8.0 - Buffer Overflow
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37200 EXPLOITDB HIGH python VERIFIED
NetShareWatcher 1.5.8.0 - Buffer Overflow
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37199 EXPLOITDB HIGH python VERIFIED
NBMonitor 1.6.6.0 - DoS
NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37198 EXPLOITDB HIGH python VERIFIED
Duplicate Cleaner Pro 4.1.3 - DoS
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application crash.
by stresser
CVSS 7.5
CVE-2020-37197 EXPLOITDB HIGH python VERIFIED
Dnss - DoS
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37196 EXPLOITDB HIGH python VERIFIED
Dnss - DoS
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37195 EXPLOITDB HIGH python VERIFIED
BlueAuditor <1.7.2.0 - DoS
BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37194 EXPLOITDB HIGH python VERIFIED
Backup Key Recovery <2.2.5 - DoS
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37207 EXPLOITDB HIGH python
SpotDialup 1.6.7 - DoS
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37102 EXPLOITDB HIGH text VERIFIED
Adaware Web Companion 4.9.2159 - Code Injection
Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by ZwX
CVSS 7.8
CVE-2020-5842 EXPLOITDB MEDIUM text
Codoforum 4.8.3 - XSS
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.
by Prasanth
CVSS 6.1
By Source
All 49,983 Writeup 56,904 Exploitdb 49,983 Nomisec 21,402 Metasploit 3,216 Github 2,518 Vulncheck_xdb 901 Inthewild 514 Gitlab 437 Gitee 415 Patchapalooza 312
By Language
text 31,329 python 5,908 ruby 5,905 c 3,561 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 88 go 53 postscript 25 xml 24