Exploitdb Exploits
49,983 exploits tracked across all sources.
Studio 5000 Logix Designer 30.01.00 - Privilege Escalation
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\ to inject malicious code that would execute with LocalSystem permissions.
by Luis Martínez
CVSS 7.8
BartVPN 1.2.2 - Code Injection
BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service's execution context.
by ZwX
CVSS 7.8
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by 0xeb-bp
CVSS 9.8
iSmartViewPro 1.3.34 - DoS
iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices.
by Ivan Marmolejo
CVSS 7.5
Foscam VMS 1.1.4.9 - DoS
Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login.
by chuyreds
CVSS 7.5
Crystal Live HTTP Server 6.01 - Path Traversal
Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows system files.
by numan türle
CVSS 7.5
Centova Cast 3.2.11 - Path Traversal
Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests.
by DroidU
CVSS 8.8
Wondershare MobileGo 8.5.0 - Privilege Escalation
Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access.
by ZwX
CVSS 7.8
NCP Secure Entry Client 9.2 - Code Injection
NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup.
by Akif Mohamed Ik
CVSS 7.8
Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path
by Luis Martínez
ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path
by Olimpia Saucedo
TemaTres 3.0 - Privilege Escalation
TemaTres 3.0 allows remote unprivileged users to create an administrator account
by Pablo Santiago
CVSS 9.8
TemaTres 3.0 - XSS
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.
by Pablo Santiago
CVSS 5.4
Nipper-ng - Out-of-Bounds Write
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.
by Guy Levin
CVSS 7.8
Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)
by Luis Martínez
Lexmark Services Monitor <2.27.4.0.39 - Path Traversal
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.
by Kevin Randall
CVSS 7.5
Shrew Soft VPN Client 2.2.2 - Privilege Escalation
Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot.
by D.Goedecke
CVSS 7.8
oXygen XML Editor 21.1.1 - XML External Entity Injection
by Pablo Santiago
Microsoft Windows 10 1507 - Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
by TomahawkAPT69
CVSS 7.8
SibSoft Xfilesharing <2.5.1 - Path Traversal
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.
by Noman Riffat
CVSS 7.5
gSOAP 2.8 - Path Traversal
gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences.
by numan türle
CVSS 7.5
Fastweb Askey Rtv1907vw Firmware - OS Command Injection
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.
by Riccardo Gasparini
CVSS 9.8
FUDForum 3.0.9 - Stored XSS
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
by liquidsky
CVSS 9.0
By Source