Exploitdb Exploits
2,814 exploits tracked across all sources.
Mini-stream Ripper - Memory Corruption
Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file.
by jacky
M.J.M. Quick Player 1.2 - Local Stack Buffer Overflow
by corelanc0d3r
JetAudio Basic 7.5.5.25 - '.asx' Buffer Overflow (PoC)
by D3V!L FUCKER
Cowon America Jetaudio Basic < 7.0.5 - Memory Corruption
Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlier allows user-assisted remote attackers to execute arbitrary code via a long URL in a .asx file, a different vulnerability than CVE-2007-5487.
by D3V!L FUCKER
CastRipper 2.50.70 (Windows XP SP3) - '.pls' Local Stack Buffer Overflow
by d3b4g
PlayMeNow - '.m3u' Universal XP Buffer Overflow (SEH)
by ThE g0bL!N
Mini-stream Easy RM TO Mp3 Converter - Memory Corruption
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
by d3b4g
CoolPlayer <2.18 - Buffer Overflow
Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.
by data$hack
Simple PHP Blog <0.5.1 - Path Traversal
Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter.
by jgaliana
PlayMeNow - '.M3U' Playlist Buffer Overflow (SEH)
by ThE g0bL!N
Woltlab Burningboard Addon Kleinanzeigenmarkt - SQL Injection
by fred777
Mini-stream RM Downloader - Memory Corruption
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
by Vinod Sharma
Array index error - DoS
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
by Maksymilian Arciemowicz & sp3x
Ezsoftmagic Mp3 Audio Converter - Buffer Overflow
EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow.
by Vinod Sharma
CVSS 9.8
Xenorate <2.50 - Buffer Overflow
Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file.
by germaya_x
gAlan 0.2.1 - Buffer Overflow
gAlan 0.2.1, a modular audio processing environment for Windows, is vulnerable to a stack-based buffer overflow when parsing .galan files. The application fails to properly validate the length of input data, allowing a specially crafted file to overwrite the stack and execute arbitrary code. Exploitation requires local interaction, typically by convincing a user to open the malicious file.
by Jeremy Brown
Polipo <1.0.4 - DoS
The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.
by Jeremy Brown
Golden FTP Server <4.50 - Path Traversal
Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information.
by sharpe
CVSS 8.1
Klinza Professional CMS <5.0.1 - Path Traversal
Directory traversal vulnerability in funzioni/lib/menulast.php in klinza professional cms 5.0.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG parameter.
by klinza
TUKEVA Password Reminder <1.0.0.4 - Info Disclosure
TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection.
by iqlusion
Novell eDirectory <8.8 SP5 - Buffer Overflow
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.
by karak0rsan
Apple Safari 4.0.3 - DoS
Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.
by Jeremy Brown
By Source