muts

77 exploits Active since May 2003
CVE-2006-3912 EXPLOITDB python WORKING POC
WinRAR - Stack-based Buffer Overflow in SFX Module
Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact.
EIP-2026-117769 EXPLOITDB php WORKING POC
PHP 6.0 Dev - 'str_transliterate()' Local Buffer Overflow
EIP-2026-117064 EXPLOITDB python WORKING POC
DivX Player 6.6.0 - '.srt' File Buffer Overflow (SEH)
EIP-2026-116346 EXPLOITDB text WORKING POC
Sun Java Web Server 7.0 u7 - Admin Interface Denial of Service
CVE-2007-1912 EXPLOITDB text WORKING POC
Microsoft Windows - Heap-Based Buffer Overflow via Crafted HLP File
Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.
EIP-2026-116031 EXPLOITDB python WORKING POC
PacketTrap Networks pt360 2.0.39 TFTPD - Remote Denial of Service
EIP-2026-115958 EXPLOITDB python WORKING POC
Novel eDirectory HTTP - Denial of Service
CVE-2007-1911 EXPLOITDB text WRITEUP
Microsoft Word 2007 - Denial of Service via Crafted Document
Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
CVE-2008-1855 EXPLOITDB python WORKING POC
McAfee CMA 3.6.0.574 - Memory Corruption
FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.
EIP-2026-114980 EXPLOITDB python WORKING POC
BaSoMail - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities
CVE-2012-3435 EXPLOITDB python WORKING POC
Zabbix < 1.8.15 - SQL Injection via itemid Parameter
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
CVE-2012-2570 EXPLOITDB text WORKING POC
X-Cart Gold 4.5 - Cross-Site Scripting via products_map.php symb Parameter
Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.
CVE-2012-2961 EXPLOITDB text WORKING POC
Symantec Web Gateway <5.0.3.18 - SQL Injection
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-4869 EXPLOITDB python WORKING POC
FreePBX < 2.10 - Remote Code Execution via callmenum Parameter
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
CVE-2012-4869 EXPLOITDB ruby WORKING POC
FreePBX < 2.10 - Remote Code Execution via callmenum Parameter
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
CVE-2012-2962 EXPLOITDB python WORKING POC
Plixer Scrutinizer <9.5.2 - SQL Injection
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
CVE-2012-3835 EXPLOITDB python WORKING POC
AlienVault OSSIM 3.1 - Cross-Site Scripting via URL Parameter or Time Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
CVE-2018-1160 EXPLOITDB CRITICAL python WORKING POC
netatalk < 3.1.12 - Unauthenticated Out-of-bounds Write in dsi_opensess.c
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
CVSS 9.8
CVE-2012-0297 EXPLOITDB python WORKING POC
Symantec Web Gateway < 5.0.3 - Remote Code Execution via Management GUI Script Access
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
CVE-2012-2957 EXPLOITDB python WORKING POC
Symantec Web Gateway <5.0.3.18 - Privilege Escalation
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.
CVE-2012-2574 EXPLOITDB python WORKING POC
Symantec Web Gateway <5.0.3.18 - SQL Injection
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.
CVE-2012-2593 EXPLOITDB MEDIUM python WORKING POC
Atmail Webmail Server 6.4 - Cross-Site Scripting via Email Date Field
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.
CVSS 6.1
CVE-2012-2953 EXPLOITDB python WORKING POC
Symantec Web Gateway <5.0.3.18 - RCE
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
CVE-2012-0297 EXPLOITDB ruby WORKING POC
Symantec Web Gateway < 5.0.3 - Remote Code Execution via Management GUI Script Access
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
CVE-2012-2953 EXPLOITDB ruby WORKING POC
Symantec Web Gateway <5.0.3.18 - RCE
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.