Exploitdb Exploits
4,759 exploits tracked across all sources.
VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' Man In The Middle Remote Code Execution
by Julien Ahrens
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Sumit
Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow (PoC)
by Mohamed Shetta
Linksys WRT120N 1.0.07 - Unauthenticated Stack-based Buffer Overflow via TM_Block_URL Parameter
A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered by sending a specially crafted HTTP POST request with an overly long TM_Block_URL parameter to the endpoint. By exploiting this flaw, an unauthenticated remote attacker can overwrite memory in a controlled manner, enabling them to temporarily reset the administrator password of the device to a blank value. This grants unauthorized access to the router’s web management interface without requiring valid credentials.
by Craig Heffner
VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Remote Stack Buffer Overflow
by Julien Ahrens
SolidWorks Workgroup PDM 2014 SP2 - Remote Code Execution via Long String in Opcode to Port 3000
Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000.
by Mohamed Shetta
Catia V5-6R2013 - 'CATV5_AllApplications' Stack Buffer Overflow (PoC)
by Mohamed Shetta
Dassault Systemes Catia V5-6R2013 - Buffer Overflow
Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks
by Mohamed Shetta
CVSS 9.8
Ultra Mini HTTPD 1.21 - Buffer Overflow
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
by Sumit
Open Web Analytics < 1.5.5 - SQL Injection via Password Reset Email Parameter
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
by Dana James Traversie
HP Storage Data Protector 6.2X - Remote Code Execution via Crafted EXEC_BAR Packet
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.
by Chris Graham
Qualcomm Eudora WorldMail 9.0.333.0 - Remote Code Execution via IMAPd UID Command
Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command.
by Muhammad Alharmeel
Joomla! Component com_community 2.6 - Code Execution
by Matias Fontanini
VLC Media Player < 2.1.3 - Denial of Service via ASF File Packet Size Handling
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.
by Saif
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Mahmod Mahajna (Mahy)
pcman's ftp server 2.0.7 - Unauthenticated Buffer Overflow via USER Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Mahmod Mahajna (Mahy)
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (SEH)
by Dario Estrada
Oracle Fusion Middleware 8.4.0-8.4.1 - Denial of Service in Outside In Filters
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name.
by Citadelo
mp3info 0.8.4 - Buffer Overflow via Long Command Line Argument
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
by jsacco
ASUS RT-N56U and RT-AC66U Firmware 3.0.0.4.374_979 - Remote Code Execution via apps_name or apps_flag Parameter
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
by Jacob Holcomb
By Source