Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2019-25320 EXPLOITDB MEDIUM text
E Learning Script 1.0 - Auth Bypass
E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain unauthorized access to the system.
by riamloo
CVSS 6.5
CVE-2019-25319 EXPLOITDB CRITICAL python
Domain Quester Pro 6.02 - Remote Code Execution via Domain Name Keywords Input
Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords' input field to trigger an access violation and execute a bind shell on port 9999.
by boku
CVSS 9.8
CVE-2019-25318 EXPLOITDB HIGH python
AVS Audio Converter <9.1.2.600 - Code Injection
AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked.
by boku
CVSS 8.8
CVE-2020-22001 EXPLOITDB CRITICAL text
HomeAutomation 3.3.2 - Authentication Bypass via X-Forwarded-For Header Spoofing
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when the client IP address is spoofed using the X-Forwarded-For header with the local (loopback) IP address value, allowing remote control of the smart home solution.
by LiquidWorm
CVSS 9.8
CVE-2020-22000 EXPLOITDB HIGH text
HomeAutomation 3.3.2 - Authenticated OS Command Injection via Custom Command Plugin
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function.
by LiquidWorm
CVSS 8.0
CVE-2020-21996 EXPLOITDB HIGH text
AVE DOMINAplus <=1.10.x - Unauthenticated Denial of Service via Reboot Command Execution
AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.
by LiquidWorm
CVSS 7.5
CVE-2020-21994 EXPLOITDB CRITICAL text
AVE DOMINAplus <=1.10.x - Unauthenticated Credential Disclosure via /xml/authClients.xml
AVE DOMINAplus <=1.10.x suffers from a clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
by LiquidWorm
CVSS 9.8
CVE-2020-21991 EXPLOITDB CRITICAL text
AVE DOMINAplus <=1.10.x - Unauthenticated Authentication Bypass via changeparams.php autologin Parameter
AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to a missing control check when directly calling the autologin GET parameter in the changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials.
by LiquidWorm
CVSS 9.8
CVE-2020-21990 EXPLOITDB HIGH text
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Unauthenticated Information Disclosure
Emmanuel MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
by LiquidWorm
CVSS 7.5
CVE-2020-21989 EXPLOITDB HIGH text VERIFIED
HomeAutomation 3.3.2 - Cross-Site Request Forgery
HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
by LiquidWorm
CVSS 8.8
CVE-2020-21987 EXPLOITDB MEDIUM text
HomeAutomation 3.3.2 - Stored Cross-Site Scripting via Input Parameter
HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.
by LiquidWorm
CVSS 6.1
CVE-2019-25267 EXPLOITDB HIGH text
Wing FTP Server 6.0.7 - Privilege Escalation
Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
by Nawaf Alkeraithe
CVSS 7.8
CVE-2019-25233 EXPLOITDB MEDIUM text
AVE DOMINAplus 1.10.x - Cross-Site Request Forgery and Cross-Site Scripting via login.php
AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser sessions.
by LiquidWorm
CVSS 5.3
CVE-2019-1405 EXPLOITDB HIGH ruby VERIFIED
Windows UPnP Service - Privilege Escalation via COM Object Creation
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
by Metasploit
CVSS 7.8
CVE-2019-19726 EXPLOITDB HIGH ruby VERIFIED
OpenBSD Dynamic Loader chpass Privilege Escalation
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.
by Metasploit
CVSS 7.8
EIP-2026-102980 EXPLOITDB ruby VERIFIED
Reptile Rootkit - reptile_cmd Privilege Escalation (Metasploit)
by Metasploit
EIP-2026-102126 EXPLOITDB text
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
EIP-2026-102125 EXPLOITDB text
XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
EIP-2026-102124 EXPLOITDB text
XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
EIP-2026-102115 EXPLOITDB text
WEMS BEMS 21.3.1 - Undocumented Backdoor Account
by LiquidWorm
EIP-2026-101956 EXPLOITDB text
RICOH SP 4510SF Printer - HTML Injection
by Ismail Tasdelen
EIP-2026-100960 EXPLOITDB bash VERIFIED
FreeBSD-SA-19:15.mqueuefs - Privilege Escalation
by Karsten König
CVE-2019-5596 EXPLOITDB HIGH bash VERIFIED
FreeBSD 11.2-STABLE, 12.0-STABLE < r343781, 12.0-RELEASE < p3 - Privilege Escalation via UNIX Domain Socket
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released, potentially allowing a malicious local user to gain root privileges or escape from a jail.
by Karsten König
CVSS 8.8
CVE-2019-19844 EXPLOITDB CRITICAL VERIFIED
Django < 1.11.27, 2.x < 2.2.9, 3.x < 3.0.1 - Account Takeover via Unicode Case Transformation Bypass
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
by Ryuji Tsutsui
CVSS 9.8
CVE-2019-25328 EXPLOITDB HIGH python
XnConvert 1.82 - Denial of Service via Registration Code Input Field
XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the registration code field to trigger an application crash.
by Gokkulraj
CVSS 7.5