Exploitdb Exploits
2,814 exploits tracked across all sources.
ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)
by Robbie Corley
AutoCAD DWG and DXF To PDF Converter 2.2 - Local Buffer Overflow
by Robbie Corley
Boxoft Wav TO Mp3 Converter - Memory Corruption
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.
by Robbie Corley
PFTP Server 8.0f Lite - textfield Local Buffer Overflow (SEH) (PoC)
by Robbie Corley
Microsoft Office 2007 - 'msxml5.dll' Crash (PoC)
by Mohammad Reza Espargham
Viber 4.2.0 - Non-Printable Characters Handling Denial of Service
by Mohammad Reza Espargham
KMPlayer 3.9.x - '.srt' Crash (PoC)
by Peyman Motevalli Manesh
Counter-Strike 1.6 - 'GameInfo' Query Reflection Denial of Service (PoC)
by Todor Donev
UPNPD M-SEARCH - ssdp:discover Reflection Denial of Service
by Todor Donev
NTPD - MON_GETLIST Query Amplification Denial of Service
by Todor Donev
Miniupnpd - Memory Corruption
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
by Todor Donev
D-Link DSL-2760U Gateway - XSS
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.
by XLabs Security
CVSS 5.4
D-Link DSL-2760U Gateway - XSS
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.
by XLabs Security
CVSS 5.4
OTRS <3.1.20-3.3.5 - XSS
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.
by Adam Ziaja
Quick Search 1.1.0.189 - search textbox Buffer Overflow (SEH Unicode) (Egghunter)
by Tomislav Paskalev
Cleanersoft Free Mp3 CD Ripper < 2.6 - Memory Corruption
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
by ThreatActor
MooPlayer 1.3.0 - 'm3u' Local Buffer Overflow (SEH) (2)
by Tomislav Paskalev
FastStone Image Viewer 5.3 - '.tga' Crash (PoC)
by ITDefensor Vulnerability Research Team
D-Link DSL-2730B - XSS
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
by XLabs Security
D-Link DSL-2730B - XSS
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
by XLabs Security
D-Link DSL-2730B - XSS
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
by XLabs Security
By Source