Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2019-19781 EXPLOITDB CRITICAL ruby
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by mekhalleh
CVSS 9.8
CVE-2019-19781 EXPLOITDB CRITICAL bash
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by Project Zero India
CVSS 9.8
CVE-2019-1978 EXPLOITDB MEDIUM python
Cisco Firepower Services Software for ASA - Improper Input Validation
A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked.
by TrustedSec
CVSS 5.8
CVE-2020-37104 EXPLOITDB HIGH text
ASTPP 4.0.1 - Unauthenticated Sensitive Information Disclosure via Database Backup Download
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.
by Fabien AUNAY
CVSS 7.5
CVE-2019-18194 EXPLOITDB HIGH text VERIFIED
TotalAV 2020 4.14.31 - Privilege Escalation via Quarantine NTFS Directory Junction
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder.
by Kusol Watchara-Apanukorn
CVSS 7.8
CVE-2020-6756 EXPLOITDB CRITICAL python
Rasilient PixelStor 5000 K:4.0.1580-20150629 - Unauthenticated Remote Code Execution via lang Parameter
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter.
by .:UND3R:.
CVSS 9.8
EIP-2026-110452 EXPLOITDB python VERIFIED
Pandora 7.0NG - Remote Code Execution
by Askar
CVE-2020-37193 EXPLOITDB HIGH python VERIFIED
ZIP Password Recovery 2.30 - Denial of Service via Maliciously Crafted Text File Input
ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting a ZIP file.
by ZwX
CVSS 7.5
CVE-2020-37192 EXPLOITDB MEDIUM text
MSN Password Recovery 1.30 - Info Disclosure
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.
by ZwX
CVSS 6.2
CVE-2019-2729 EXPLOITDB CRITICAL python
Oracle Communications Diameter Signaling Router - Unauthenticated Remote Code Execution via HTTP
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by james
CVSS 9.8
CVE-2020-37153 EXPLOITDB CRITICAL text
ASTPP 4.0.1 - XSS, Command Injection
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.
by Fabien AUNAY
CVSS 9.8
CVE-2020-10224 EXPLOITDB CRITICAL python VERIFIED
PHPGurukul Online Book Store 1.0 - Unauthenticated Arbitrary File Upload via admin_add.php
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
by Tib3rius
CVSS 9.8
CVE-2020-5306 EXPLOITDB MEDIUM text
Codoforum 4.8.3 - Stored Cross-Site Scripting via Display Name, Title, or Content Parameters
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
by Vyshnav nk
CVSS 4.8
EIP-2026-102430 EXPLOITDB text
Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape
by hantwister
CVE-2019-15039 EXPLOITDB CRITICAL text VERIFIED
JetBrains TeamCity 2018.2.4 - Remote Code Execution
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
by hantwister
CVSS 9.8
CVE-2019-15999 EXPLOITDB MEDIUM text
Cisco Data Center Network Manager < 11.3(1) - Authenticated Unauthorized Access to JBoss EAP
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.
by hantwister
CVSS 6.3
CVE-2017-3623 EXPLOITDB CRITICAL python
Oracle Solaris - Remote Buffer Overflow in Kernel RPC
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3623 is assigned for "Ebbisland". Solaris 10 systems which have had any Kernel patch installed after, or updated via patching tools since 2012-01-26 are not impacted. Also, any Solaris 10 system installed with Solaris 10 1/13 (Solaris 10 Update 11) is not vulnerable. Solaris 11 is not impacted by this issue. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
by hantwister
CVSS 10.0
CVE-2020-10225 EXPLOITDB CRITICAL python VERIFIED
PHPGurukul Job Portal 1.0 - Unauthenticated Arbitrary File Upload via admin/gallery.php
An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
by Tib3rius
CVSS 9.8
CVE-2019-25261 EXPLOITDB HIGH text
AnyDesk 5.4.0 - Unquoted Service Path Privilege Escalation
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining elevated system privileges.
by SajjadBnd
CVSS 7.8
CVE-2019-1215 EXPLOITDB HIGH c++
Microsoft Windows 10 1507 - Improper Privilege Management
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
by bluefrostsec
CVSS 7.8
EIP-2026-106107 EXPLOITDB python VERIFIED
Complaint Management System 4.0 - Remote Code Execution
by Metin Yunus Kandemir
CVE-2019-20354 EXPLOITDB MEDIUM text VERIFIED
piSignage < 2.6.4 - Authenticated Path Traversal via Log Download API
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.
by JunYeong Ko
CVSS 4.3
CVE-2020-5183 EXPLOITDB HIGH text
FTPGetter Professional 5.97.0.223 - Denial of Service via Crafted String
FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference.
by FULLSHADE
CVSS 7.5
CVE-2020-37214 EXPLOITDB HIGH text
Voyager 1.3.0 - Path Traversal via Asset Path Parameter
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files.
by NgoAnhDuc
CVSS 7.5
CVE-2020-37213 EXPLOITDB HIGH python VERIFIED
TextCrawler Pro 3.1.1 - Denial of Service via License Key Field Buffer Overflow
TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash.
by stresser
CVSS 7.5