Exploitdb Exploits

49,983 exploits tracked across all sources.

CVE-2019-18396 EXPLOITDB HIGH text
Technicolor Td5130v2 Firmware - OS Command Injection
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017-14127.
by João Teles
CVSS 7.2
EIP-2026-102033 EXPLOITDB python
Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting
by Luis Santana
EIP-2026-101833 EXPLOITDB python
Linear eMerge E3 1.00-06 - Remote Code Execution
by LiquidWorm
CVE-2019-25357 EXPLOITDB HIGH python
Control Center PRO 6.2.9 - Buffer Overflow
Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute arbitrary code on vulnerable Windows systems.
by sasaga92
CVSS 8.4
CVE-2019-25356 EXPLOITDB MEDIUM text
Bematech MP-4200 TH - XSS
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript in the context of an authenticated user's browser session.
by Jonatas Fil
CVSS 6.1
CVE-2019-25401 EXPLOITDB HIGH text
Bematech MP-4200 TH - DoS
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service condition.
by Jonatas Fil
CVSS 7.5
CVE-2019-25345 EXPLOITDB HIGH text
Realtek IIS Codec Service 6.4.10041.133 - Code Injection
Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.
by chuyreds
CVSS 7.8
CVE-2019-25285 EXPLOITDB HIGH text
Alps Pointing-device Controller 8.1202.1711.04 - Code Injection
Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots.
by Mario Rodriguez
CVSS 7.8
CVE-2019-25266 EXPLOITDB HIGH text
Wondershare Application Framework Service 2.4.3.231 - Code Injection
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory locations to hijack the service's execution context.
by chuyreds
CVSS 7.8
EIP-2026-118149 EXPLOITDB text
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
by chuyreds
EIP-2026-116714 EXPLOITDB text
Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path
by Alejandra Sánchez
EIP-2026-105763 EXPLOITDB text
CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection
by LiquidWorm
EIP-2026-102457 EXPLOITDB ruby
Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)
by max7253
CVE-2019-3398 EXPLOITDB HIGH python
Atlassian Confluence Server < 6.6.13 - Path Traversal
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.
by max7253
CVSS 8.8
CVE-2019-7670 EXPLOITDB HIGH python
Prima Systems FlexAir <2.3.38 - Command Injection
Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system.
by LiquidWorm
CVSS 7.2
CVE-2019-9189 EXPLOITDB HIGH text
Primasystems Flexair < 2.3.38 - Unrestricted File Upload
Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access.
by LiquidWorm
CVSS 8.8
CVE-2019-7272 EXPLOITDB MEDIUM text
Optergy Proton/Enterprise - Info Disclosure
Optergy Proton/Enterprise devices allow Username Disclosure.
by LiquidWorm
CVSS 5.3
CVE-2019-7276 EXPLOITDB CRITICAL python
Optergy Proton/Enterprise - RCE
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
by LiquidWorm
CVSS 9.8
CVE-2019-7274 EXPLOITDB CRITICAL text
Optergy Proton/Enterprise - Code Injection
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root.
by LiquidWorm
CVSS 9.8
CVE-2019-7273 EXPLOITDB HIGH text
Optergy Proton/Enterprise - CSRF
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF).
by LiquidWorm
CVSS 8.8
EIP-2026-101734 EXPLOITDB bash
FlexAir Access Control 2.4.9api3 - Remote Code Execution
by LiquidWorm
CVE-2019-7666 EXPLOITDB HIGH python
Prima Systems FlexAir <2.3.38 - Auth Bypass
Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password.
by LiquidWorm
CVSS 8.8
CVE-2019-7269 EXPLOITDB CRITICAL bash
Linear eMerge 50P/5000P - Command Injection
Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.
by LiquidWorm
CVSS 9.8
CVE-2019-7254 EXPLOITDB HIGH text
Linear eMerge E3-Series - Path Traversal
Linear eMerge E3-Series devices allow File Inclusion.
by LiquidWorm
CVSS 7.5
CVE-2019-7256 EXPLOITDB CRITICAL python
Linear eMerge E3-Series - Command Injection
Linear eMerge E3-Series devices allow Command Injections.
by LiquidWorm
CVSS 9.8