Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25353 EXPLOITDB HIGH python
Foscam Video Management System 1.1.4.9 - Denial of Service via Username Input Buffer Overflow
Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login.
by chuyreds
CVSS 7.5
CVE-2019-25352 EXPLOITDB HIGH text
Crystal Live HTTP Server 6.01 - Path Traversal
Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows system files.
by numan türle
CVSS 7.5
CVE-2019-25351 EXPLOITDB HIGH bash
Centova Cast 3.2.11 - Path Traversal
Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests.
by DroidU
CVSS 8.8
CVE-2019-25344 EXPLOITDB HIGH text
Wondershare MobileGo 8.5.0 - Privilege Escalation
Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access.
by ZwX
CVSS 7.8
CVE-2019-25281 EXPLOITDB HIGH text
NCP Secure Entry Client 9.2 - Code Injection
NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup.
by Akif Mohamed Ik
CVSS 7.8
EIP-2026-117128 EXPLOITDB text
Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path
by Luis Martínez
EIP-2026-116823 EXPLOITDB text
ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path
by Olimpia Saucedo
CVE-2019-14345 EXPLOITDB CRITICAL text
TemaTres 3.0 - Privilege Escalation
TemaTres 3.0 allows remote unprivileged users to create an administrator account
by Pablo Santiago
CVSS 9.8
CVE-2019-14343 EXPLOITDB MEDIUM text
TemaTres 3.0 - Stored Cross-Site Scripting via value Parameter
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.
by Pablo Santiago
CVSS 5.4
CVE-2019-17424 EXPLOITDB HIGH python
nipper-ng 0.11.10 - Remote Code Execution or Denial of Service via Crafted Firewall Configuration File
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.
by Guy Levin
CVSS 7.8
EIP-2026-102177 EXPLOITDB python
Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)
by Luis Martínez
CVE-2019-16758 EXPLOITDB HIGH text
Lexmark Services Monitor <2.27.4.0.39 - Path Traversal
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.
by Kevin Randall
CVSS 7.5
CVE-2019-25283 EXPLOITDB HIGH text
Shrew Soft VPN Client 2.2.2 - Privilege Escalation
Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot.
by D.Goedecke
CVSS 7.8
EIP-2026-117741 EXPLOITDB text
oXygen XML Editor 21.1.1 - XML External Entity Injection
by Pablo Santiago
CVE-2019-1405 EXPLOITDB HIGH
Windows UPnP Service - Privilege Escalation via COM Object Creation
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
by TomahawkAPT69
CVSS 7.8
CVE-2019-18951 EXPLOITDB HIGH text
SibSoft Xfilesharing <2.5.1 - Path Traversal
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.
by Noman Riffat
CVSS 7.5
EIP-2026-101079 EXPLOITDB text
Siemens Desigo PX 6.00 - Denial of Service (PoC)
by LiquidWorm
CVE-2019-25355 EXPLOITDB HIGH text
gSOAP 2.8 - Unauthenticated Path Traversal via HTTP GET Request
gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences.
by numan türle
CVSS 7.5
CVE-2019-12489 EXPLOITDB CRITICAL python
Fastweb Askey RTV1907VW Firmware 0.00.81_FW_200_Askey - OS Command Injection via USB Remove Service Mount Parameter
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.
by Riccardo Gasparini
CVSS 9.8
EIP-2026-117899 EXPLOITDB text
ScanGuard Antivirus 2020 - Insecure Folder Permissions
by hyp3rlinx
CVE-2019-18873 EXPLOITDB CRITICAL text
FUDForum 3.0.9 - Stored Cross-Site Scripting and Remote Code Execution via User-Agent Header
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
by liquidsky
CVSS 9.0
CVE-2019-18396 EXPLOITDB HIGH text
Technicolor TD5130v2 Firmware - OS Command Injection via Ping Module pingAddr Parameter
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017–14127.
by João Teles
CVSS 7.2
EIP-2026-102033 EXPLOITDB python
Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting
by Luis Santana
EIP-2026-101833 EXPLOITDB python
Linear eMerge E3 1.00-06 - Remote Code Execution
by LiquidWorm
CVE-2019-25357 EXPLOITDB HIGH python
Control Center PRO 6.2.9 - Buffer Overflow
Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute arbitrary code on vulnerable Windows systems.
by sasaga92
CVSS 8.4