Exploitdb Exploits
2,809 exploits tracked across all sources.
CoolPlayer 2.19 - 'PlaylistSkin' Local Buffer Overflow
by Jeremy Brown
Cain & Abel 4.9.25 - 'Cisco IOS-MD5' Local Buffer Overflow
by send9
Winamp 5.541 - gen_msn.dll Buffer Overflow
Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information.
by SkD
Perception LiteServe 2.0.1 - 'user' Remote Buffer Overflow (PoC)
by Houssamix
Goople CMS < 1.8.2 - SQL Injection via Username Parameter
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
by darkjoker
Rosoft Media Player 4.2.1 - Local Buffer Overflow
by Encrypt3d.M!nd
Goople CMS 1.8.2 - SQL Injection via Password Parameter
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by darkjoker
Phoca com_phocadocumentation - SQL Injection via id Parameter
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.
by EcHoLL
Joomla! Component com_na_newsdescription - 'newsid' SQL Injection
by EcHoLL
Cybershade CMS 0.2b - Remote Code Execution via THEME_header and THEME_footer Parameters
Multiple PHP remote file inclusion vulnerabilities in index.php in Cybershade CMS 0.2b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) THEME_header and (2) THEME_footer parameters.
by JosS
Destiny Media Player 1.61 - '.lst' Local Buffer Overflow (4)
by Stack
Destiny Media Player 1.61 - '.lst' Local Buffer Overflow (3)
by Houssamix
Destiny Media Player 1.61 - '.lst' Local Buffer Overflow (2)
by sCORPINo
Pirate Radio Destiny Media Player 1.61 - Stack-Based Buffer Overflow via .pls Playlist File
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
by Encrypt3d.M!nd
PNphpBB2 <= 1.2i - Remote File Inclusion via ModName Parameter
Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to (1) admin_words.php, (2) admin_groups_reapir.php, (3) admin_smilies.php, (4) admin_ranks.php, (5) admin_styles.php, and (6) admin_users.php in admin/.
by StAkeR
Pirate Radio Destiny Media Player 1.61 - Stack-Based Buffer Overflow via .pls Playlist File
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
by Encrypt3d.M!nd
Pirate Radio Destiny Media Player 1.61 - Stack-Based Buffer Overflow via .pls Playlist File
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
by aBo MoHaMeD
Elecard MPEG Player <5.5 - Buffer Overflow
Stack-based buffer overflow in Elecard MPEG Player 5.5 build 15884.081218 allows remote attackers to execute arbitrary code via a M3U file containing a long URL.
by aBo MoHaMeD
Audacity < 1.3.6 - Stack-based Buffer Overflow in String_parse::get_nonspace_quoted
Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.
by Houssamix
PHPFootball 1.6 - Exposure of Sensitive Information via dbtable and dbfield Parameters
filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown.
by KinG-LioN
Apple Safari 3.2 - Denial of Service via Long ALINK Attribute
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.
by Jeremy Brown
By Source