Exploitdb Exploits
2,809 exploits tracked across all sources.
vBulletin 5.0.0 Beta 11 and earlier - Authenticated SQL Injection via nodeid Parameter
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
by Orestis Kourides
StarVedia IPCamera IC502w IC502w+ v020313 - 'Username'/Password Disclosure
by Todor Donev
DELL SonicWALL Analyzer 7.0, GMS 4.1-7.0, UMA 5.1-7.0, ViewPoint 4.1-6.0 - Authentication Bypass
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
by Nikolas Sotiriu
CVSS 9.8
Oracle MySQL 5.5.0-5.5.28 & MariaDB 5.2.0-5.2.13 - Brute Force via Insufficient Salt Rotation
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
by kingcope
Oracle MySQL <5.5.38 & MariaDB <5.5.28a - Info Disclosure
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
by kingcope
MySQL <5.5.19 & MariaDB <5.5.28a - Privilege Escalation
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
by kingcope
Oracle MySQL <5.5.28 & MariaDB <5.5.28a - RCE
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
by kingcope
Oracle MySQL <5.5.29 - Buffer Overflow
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
by kingcope
mcrypt < 2.6.8 - Stack-Based Buffer Overflow via Encrypted File Header
Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.
by Tosh
Media Player Classic (MPC) 1.5 - WebServer Request Handling Remote Denial of Service
by X-Cisadane
TP-Link TL-WR841N Router - Local File Inclusion
by Matan Azugi
Microsoft Windows Help Program - 'WinHlp32.exe' Crash (PoC)
by coolkaveh
KMPlayer 3.0.0.1440 - '.avi' File Local Denial of Service
by Am!r
Joomla! Component com_kunena - 'search' SQL Injection
by D35m0nd142
Huawei UTPS 1.0 - Buffer Overflow via IDS_PLUGIN_NAME in Plugin Configuration File
Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file.
by Dark-Puzzle
Microsoft Windows Media Player 10 - '.avi' Integer Division By Zero Crash (PoC)
by Dark-Puzzle
VLC media player 2.0.3 - Denial of Service via Crafted PNG File
libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.
by Jean Pascal Pereira
Microsoft Excel and Excel Viewer - Denial of Service via Crafted Spreadsheet File
Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
by Jean Pascal Pereira
By Source