Exploitdb Exploits
4,762 exploits tracked across all sources.
ARD-9808 DVR - DoS
The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences.
by Stack
B Labs Bopup Comm Server <3.2.26.5460 - Buffer Overflow
Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.
by His0k4
HT-MP3Player 1.0 - Buffer Overflow
Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file.
by His0k4
BookFlip 2.1 - SQL Injection
SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php.
by boom3rang
Joomla! - SQL Injection
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.
by Stack
AlumniServer 1.0.1 - 'resetpwemail' Blind SQL Injection
by YEnH4ckEr
HP Data Protector Express <4.6.5-3.4.7 - DoS
Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets.
by Nibin
Zen Cart <1.3.8a-1.3.8 - SQL Injection
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue.
by BlackH
FretsWeb 1.2 - SQL Injection
Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.
by YEnH4ckEr
compface <1.5.2 - Buffer Overflow
Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects compface on distributions that used a certain patch.
by metalhoney
Apple iTunes < 8.1.1 - Memory Corruption
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
by ryujin
LightNEasy sql/no-db 2.2.x - System Configuration Disclosure
by StAkeR
Free Download Manager 2.5/3.0 - Control Server Remote Buffer Overflow
by His0k4
Apple CUPS < 1.3.10 - Use of Uninitialized Resource
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
by Anibal Sacco
CVSS 7.5
ASP Football Pool 2.3 - Info Disclosure
ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb.
by ByALBAYX
Slsknet Soulseek - Memory Corruption
Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query.
by His0k4
Slayer 2.4 - 'skin' Universal Buffer Overflow (SEH)
by SuNHouSe2
Nullsoft Winamp < 5.55 - Numeric Error
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
by His0k4
Joomla Com Casino Blackjack - SQL Injection
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
by ByALBAYX
httpdx 0.5b - FTP Server (CWD) Remote Buffer Overflow (SEH)
by His0k4
httpdx 0.5b - FTP Server (USER) Remote Buffer Overflow (SEH)
by His0k4
Sonicspot Audioactive Player - Memory Corruption
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file.
by His0k4