Exploitdb Exploits
50,076 exploits tracked across all sources.
Foscam Video Management System 1.1.4.9 - Denial of Service via Username Input Buffer Overflow
Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login.
by chuyreds
CVSS 7.5
Crystal Live HTTP Server 6.01 - Path Traversal
Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows system files.
by numan türle
CVSS 7.5
Centova Cast 3.2.11 - Path Traversal
Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests.
by DroidU
CVSS 8.8
Wondershare MobileGo 8.5.0 - Privilege Escalation
Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access.
by ZwX
CVSS 7.8
NCP Secure Entry Client 9.2 - Code Injection
NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup.
by Akif Mohamed Ik
CVSS 7.8
Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path
by Luis Martínez
ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path
by Olimpia Saucedo
TemaTres 3.0 - Privilege Escalation
TemaTres 3.0 allows remote unprivileged users to create an administrator account
by Pablo Santiago
CVSS 9.8
TemaTres 3.0 - Stored Cross-Site Scripting via value Parameter
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.
by Pablo Santiago
CVSS 5.4
nipper-ng 0.11.10 - Remote Code Execution or Denial of Service via Crafted Firewall Configuration File
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.
by Guy Levin
CVSS 7.8
Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)
by Luis Martínez
Lexmark Services Monitor <2.27.4.0.39 - Path Traversal
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.
by Kevin Randall
CVSS 7.5
Shrew Soft VPN Client 2.2.2 - Privilege Escalation
Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot.
by D.Goedecke
CVSS 7.8
oXygen XML Editor 21.1.1 - XML External Entity Injection
by Pablo Santiago
Windows UPnP Service - Privilege Escalation via COM Object Creation
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
by TomahawkAPT69
CVSS 7.8
SibSoft Xfilesharing <2.5.1 - Path Traversal
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.
by Noman Riffat
CVSS 7.5
gSOAP 2.8 - Unauthenticated Path Traversal via HTTP GET Request
gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences.
by numan türle
CVSS 7.5
Fastweb Askey RTV1907VW Firmware 0.00.81_FW_200_Askey - OS Command Injection via USB Remove Service Mount Parameter
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.
by Riccardo Gasparini
CVSS 9.8
FUDForum 3.0.9 - Stored Cross-Site Scripting and Remote Code Execution via User-Agent Header
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
by liquidsky
CVSS 9.0
Technicolor TD5130v2 Firmware - OS Command Injection via Ping Module pingAddr Parameter
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017–14127.
by João Teles
CVSS 7.2
Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting
by Luis Santana
Control Center PRO 6.2.9 - Buffer Overflow
Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute arbitrary code on vulnerable Windows systems.
by sasaga92
CVSS 8.4
By Source