Exploitdb Exploits
4,733 exploits tracked across all sources.
PotPlayer <1.5.40688 - Memory Corruption
PotPlayer 1.5.40688: .avi File Memory Corruption
by ariarat
CVSS 7.8
Gretech GOM Media Player <2.2.56.5158 - Memory Corruption
Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.
by ariarat
Code-crafters Ability Mail Server - XSS
Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
by David Um
VUPlayer 2.49 - '.m3u' File Universal Buffer Overflow (DEP Bypass) (2)
by Morteza Hashemi
PotPlayer 1.5.42509 Beta - Integer Division by Zero Denial of Service
by sajith
Linux kernel < 3.12 - Info Disclosure
The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.
by Mathy Vanhoef
Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection
by Filip Waeytens
Dlink Dsr-150 Firmware < 1.08b44 - SQL Injection
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
by 0_o
CVSS 9.8
Microsoft Windows XP/Server 2003 - Privilege Escalation
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.
by ryujin
CVSS 7.8
Kingsoft Office 2012 - Memory Corruption
Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file.
by Julien Ahrens
ZIP Password Recovery Professional 5.1 - '.zip' Crash (PoC)
by KAI
Zend-Framework - Full Information Disclosure
by Ariel Orellana
TP-Link TL-WR740N / TL-WR740ND 150M Wireless Lite N Router - HTTP Denial of Service
by Dino Causevic
CoolPlayer+ Portable 2.19.4 - Local Buffer Overflow
by Mike Czumak
Videocharge Watermark Master - Memory Corruption
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.
by Mike Czumak
Google Android <4.4 - Code Injection
Google Android prior to 4.4 has an APK signature security bypass vulnerability.
by Jay Freeman
CVSS 9.8
Videocharge Watermark Master - Memory Corruption
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
by metacom
PHP <5.3.13 & <5.4.3 - DoS
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
by noptrix
VideoCharge Studio 2.12.3.685 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC configuration file. The issue occurs due to improper handling of user-supplied data in the XML 'Name' attribute, leading to an SEH overwrite condition. An attacker can exploit this vulnerability by convincing a user to open a malicious .VSC file, resulting in arbitrary code execution under the context of the user.
by metacom
Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.
by metacom
Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection
by drone
Level One Enterprise Access Point (Multiple Devices) - 'backupCfg.cgi' Security Bypass
by Richard Weinberger
Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Local Buffer Overflow (SEH)
by metacom