Exploitdb Exploits
4,759 exploits tracked across all sources.
Symantec Web Gateway < 5.0.3 - Remote Code Execution via Management GUI Script Access
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
by muts
Novell NetWare Client 4.91 SP4 - Local Privilege Escalation via NICM.SYS IOCTL
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
by sickness
RealVNC 4.1.1 - Unauthenticated Authentication Bypass via Insecure Security Type
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
by fdiskyou
Guitar Pro 6.1.1 r10791 - Denial of Service via Long String in GPX File
Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file.
by condis
PHP < 5.3.13 and 5.4.x < 5.4.3 - Denial of Service via Malformed CGI Query String
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
by rayh4c
AnvSoft Any Video Converter 4.3.6 - Local Stack Overflow
by cikumel
SolarWinds Backup Profiler < 5.1.2 - SQL Injection via LoginServlet loginName Parameter
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.
by muts
CVSS 9.8
LAN Messenger 1.2.28 - Denial of Service via Long Initiation Request String
Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request.
by Julien Ahrens
MikroTik RouterOS <= 5.15 - Denial of Service via Winbox DLL Download Request
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.
by PoURaN
Remote-Anything 5.60.15 - Remote Code Execution via Crafted FLM File
Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file.
by Saint Patrick
Nokia PC Suite <7.1.180.64 - Buffer Overflow
Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file.
by Senator of Pirates
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection
by Mehmet Ince
McAfee Web Gateway 7.1.5.x - 'Host' HTTP Header Security Bypass
by Gabriel Menezes Nunes
WICD < 1.7.2 - Unauthenticated Privilege Escalation via D-Bus SetWiredProperty
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.
by anonymous
Mini-stream RM-MP3 Converter <3.1.2.1.2010.03.30 - Buffer Overflow
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.
by SkY-NeT SySteMs
Xion Audio Player 1.0.127 - '.aiff' Denial of Service
by condis
BlazeVideo HDTV Player Pro v6.6.0.3 - Buffer Overflow
BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNameA() to extract a filename from a URL-like string. The returned value is then copied to a fixed-size stack buffer using an inline strcpy call without bounds checking. If the input exceeds the buffer size, this leads to a stack overflow and potential arbitrary code execution under the context of the user.
by b33f
FreePBX < 2.10 - Remote Code Execution via callmenum Parameter
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
by muts
Ricoh DL-1 SR10 < 1.1.0.6 - Remote Code Execution via Long USER Command
Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER command.
by Julien Ahrens
Oreans WinLicense 2.1.8.0 - Memory Corruption, DoS
Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file.
by LiquidWorm
By Source