Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2019-19731 EXPLOITDB HIGH text
Roxy Fileman 1.4.5 - Path Traversal
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder (because an incomplete blacklist of file extensions allows Windows shortcut files to be uploaded).
by Patrik Lantz
CVSS 7.5
CVE-2019-20085 EXPLOITDB HIGH text
TVT NVMS-1000 Firmware - Path Traversal via GET Request
TVT NVMS-1000 devices allow GET /.. Directory Traversal
by numan türle
CVSS 7.5
CVE-2019-25332 EXPLOITDB HIGH python
FTP Commander Pro 8.03 - Buffer Overflow
FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remote code execution potential.
by boku
CVSS 8.4
CVE-2019-25333 EXPLOITDB HIGH text
Bullwark Momentum Series JAWS 1.0 - Path Traversal
Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit the vulnerability by sending crafted GET requests with multiple '../' sequences to read sensitive files like /etc/passwd outside the web root directory.
by numan türle
CVSS 7.5
CVE-2019-6192 EXPLOITDB MEDIUM c
Lenovo Power Management Driver < 1.67.17.48 - Denial of Service via Buffer Overflow
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
by Nassim Asrir
CVSS 4.4
EIP-2026-110312 EXPLOITDB ruby
OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit)
by Onur ER
EIP-2026-104322 EXPLOITDB python
ManageEngine Desktop Central - 'FileStorage getChartImage' Deserialization / Unauthenticated Remote Code Execution
by mr_me
CVE-2019-25334 EXPLOITDB MEDIUM python
Product Key Explorer 4.2.0.0 - Buffer Overflow
Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. Attackers can create a specially crafted text file with repeated characters to trigger a buffer overflow when pasted into the registration name field, causing the application to crash.
by SajjadBnd
CVSS 6.2
EIP-2026-116097 EXPLOITDB python
Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)
by SajjadBnd
EIP-2026-116096 EXPLOITDB python
Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)
by SajjadBnd
CVE-2019-1476 EXPLOITDB HIGH text
Windows AppXSVC - Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483.
by Gabor Seljan
CVSS 7.8
CVE-2019-16451 EXPLOITDB CRITICAL text VERIFIED
Adobe Acrobat and Reader <2019.021.20056 - RCE
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 9.8
CVE-2019-17554 EXPLOITDB MEDIUM text
Apache Olingo 4.0.0-4.6.0 - XML External Entity Injection via XML Content Type Deserialization
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Requests with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks.
by Compass Security
CVSS 5.5
CVE-2019-25291 EXPLOITDB HIGH text
INIM Electronics Smartliving SmartLAN/G/SI <=6.x - Info Disclosure
INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.
by LiquidWorm
CVSS 7.5
CVE-2019-25290 EXPLOITDB MEDIUM text
Smartliving SmartLAN/G/SI <=6.x - SSRF
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.
by LiquidWorm
CVSS 5.3
CVE-2019-25289 EXPLOITDB HIGH text
SmartLiving SmartLAN <=6.x - Command Injection
SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials.
by LiquidWorm
CVSS 8.8
CVE-2020-21995 EXPLOITDB CRITICAL text
Inim Smartliving Firmware < 6.0 - Use of Hard-coded Credentials
Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
by LiquidWorm
CVSS 9.8
CVE-2019-20049 EXPLOITDB CRITICAL python
Alcatel-Lucent OmniVista 4760 - Unauthenticated Remote Code Execution via Directory Traversal and Insecure File Upload
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages().
by 0x1911
CVSS 9.8
CVE-2019-20048 EXPLOITDB HIGH python
Alcatel-Lucent OmniVista 8770 < 4.1.12 - Authenticated Remote Code Execution via PHP File Upload
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM.
by 0x1911
CVSS 7.2
CVE-2019-25336 EXPLOITDB HIGH python
SpotAuditor 5.3.2 - Buffer Overflow
SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system.
by Kirill Nikolaev
CVSS 8.4
CVE-2019-25335 EXPLOITDB HIGH text
7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass via SQL Injection
PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both username and password to gain unauthorized access to the administrative interface.
by Ahmet Ümit BAYRAM
CVSS 7.5
CVE-2019-25264 EXPLOITDB MEDIUM text VERIFIED
Snipe-IT 4.7.5 - XSS
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users.
by Metin Yunus Kandemir
CVSS 6.4
CVE-2019-20047 EXPLOITDB HIGH python
Alcatel-Lucent OmniVista 4760 and 8770 < 4.1.2 - Unauthenticated Credential Exposure via Session File Retrieval
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>.
by 0x1911
CVSS 7.5
CVE-2019-17270 EXPLOITDB CRITICAL python
Yachtcontrol < 2019-10-06 - Unauthenticated OS Command Injection via systemcall.php Command Parameter
Yachtcontrol through 2019-10-06: It's possible to execute Operating System commands directly as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} is executed and the results are returned to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to the telcos' DHCP client leasing.
by Hodorsec
CVSS 9.8
EIP-2026-102417 EXPLOITDB text
Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting
by omurugur