Exploitdb Exploits
4,733 exploits tracked across all sources.
ModSecurity <2.7.4 - DoS
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
by Younes JAAIDI
Intrasrv Simple Web Server 1.0 - Remote Code Execution (SEH)
by xis_one
TP-Link WR842ND - Remote Multiple SSID Directory Traversals
by Adam Simuntis
Kimai <0.9.2.x - SQL Injection
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3.
by drone
Ophcrack 3.5.0 - Code Execution Local Buffer Overflow
by xis_one
F5 Nginx < 1.4.0 - Out-of-Bounds Write
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
by Mert SARICA
Vercot Serva32 - Memory Corruption
Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request.
by Sapling
No-IP Dynamic Update Client (DUC) 2.1.9 - Local IP Address Stack Overflow
by Alberto Ortega
Lan Messenger - sending PM 'UNICODE' Overwrite Buffer Overflow (SEH)
by ariarat
Moinmoin < 1.9.5 - Unrestricted File Upload
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
by HTP
Moinmoin < 1.9.5 - Path Traversal
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
by HTP
Adobe ColdFusion <10 - Info Disclosure
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.
by HTP
ABBS Audio Media Player 3.1 - '.lst' Local Buffer Overflow
by Julien Ahrens
Powersoftware Winarchiver - Memory Corruption
Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file.
by RealPentesting
Fuzezip - Out-of-Bounds Write
FuzeZip 1.0.0.131625 has a local buffer overflow vulnerability.
by RealPentesting
CVSS 7.8
Elecard MPEG Player - '.m3u' File Buffer Overflow
by metacom
Light HTTPd 0.1 - RCE
Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
by Jacob Holcomb
Aultware Pwstore - Denial of Service
AultWare pwStore 2010.8.30.0 is vulnerable to a DoS via an empty HTTP request.
by Josep Pi Rodriguez
CVSS 7.5