Exploitdb Exploits
4,759 exploits tracked across all sources.
Snack Sound Toolkit - Heap-based Buffer Overflow in GetWavHeader
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.
by Jean Pascal Pereira
Symantec pcAnywhere 12.5.x-12.5.3 & IT Management Suite 7.0-7.1 - RCE via TCP Port 5631
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
by S2 Crew
Investintech.com Able2Extract - DoS/Code Injection
Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.
by Carlos Mario Penagos Hollmann
WellinTech KingView < 6.53 - Remote Code Execution via Crafted TCP Packet
Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.
by Carlos Mario Penagos Hollmann
Investintech.com Able2Extract - DoS/Code Injection
Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.
by Carlos Mario Penagos Hollmann
Investintech.com Able2Extract - DoS/Code Injection
Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.
by Carlos Mario Penagos Hollmann
Sysax 5.62 - Admin Interface Local Buffer Overflow
by Craig Freyman
HP Data Protector - Remote Code Execution via EXEC_SETUP Command
The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
by Ben Turner
EZHomeTech Ezserver 6.4 - Remote Stack Overflow
by modpr0be
Useresponse 1.0.2 - Privilege Escalation / Remote Code Execution
by mr_me
XM Easy Personal FTP Server 5.3.0 - Buffer Overflow
Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728.
by mr_me
Adobe Illustrator < CS6 - Memory Corruption
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
by Felipe Andres Manzano
Edimax IC-3030iWn - UDP Packet Password Information Disclosure
by y3dips
Apple iTunes <10.6.3 - Buffer Overflow
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
by LiquidWorm
Oracle MySQL 5.1.x < 5.1.63, 5.5.x < 5.5.24, 5.6.x < 5.6.6 - Authentication Bypass via Repeated Failed Authentication
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
by David Kennedy (ReL1K)
F5 BIG-IP Multiple Versions - Unauthenticated SSH Login via Shared Private Key
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
by David Kennedy (ReL1K)
Lattice Semiconductor PAC-Designer <6.2.1344 - Buffer Overflow
Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.
by b33f
Audio Editor Master 5.4.1.217 - Denial of Service
by Onying
Bigware Shop 2.1x - 'main_bigware_54.php' SQL Injection
by rwenzel
WHMCompleteSolution (WHMCS) - 'boleto_bb.php' SQL Injection
by dex
By Source