Exploitdb Exploits
4,762 exploits tracked across all sources.
Randomsoftware Icarus - Memory Corruption
Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file.
by His0k4
Chasys Media Player 1.1 - '.pls' Local Stack Overflow (2)
by Encrypt3d.M!nd
Chasys Media Player 1.1 - '.pls' Local Stack Overflow
by His0k4
Chasys Media Player 1.1 - '.m3u' Local Stack Overflow
by Encrypt3d.M!nd
Chasys Media Player 1.1 - '.pls' Local Buffer Overflow (PoC) (SEH)
by zAx
Gomlab Gom Encoder < 1.0.0.11 - Memory Corruption
Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a long text field in a subtitle (.srt) file.
by Encrypt3d.M!nd
RainbowPlayer 0.91 - Playlist Universal Overwrite (SEH)
by His0k4
Realtek Sound Manager 1.15.0.0 - Playlist Overwrite (SEH)
by His0k4
Nokia MultiMedia Player 1.0 - Playlist Universal Overwrite (SEH)
by His0k4
EO Video <1.36 - Buffer Overflow
Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element.
by His0k4
Media Commands - '.m3u' Universal Overwrite (SEH)
by His0k4
Microsoft Internet Explorer 7 - RCE
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
by Ahmed Obied
EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (SEH)
by His0k4
Novastor Novanet - Memory Corruption
Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on Windows platforms via a long username field during backup domain authentication, related to nnwindtb.dll. NOTE: some of these details are obtained from third party information.
by AbdulAziz Hariri
Merak Media Player 3.2 - Buffer Overflow
Stack-based buffer overflow in Merak Media Player 3.2 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file, related to the status bar icon's tooltip. NOTE: some of these details are obtained from third party information.
by Encrypt3d.M!nd
Mediacommands Media Commands - Memory Corruption
Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file.
by His0k4
HTC Touch Cruise - Denial of Service
HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to cause denial of service (CPU consumption, SMS consumption, and connectivity loss) via a flood of vCards to UDP port 9204.
by Mobile Security Lab
Wesnoth <1.5.11 - RCE
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
by Wesnoth
Microsoft Internet Explorer 7 - Uninitialized Memory Corruption
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
by David Kennedy (ReL1K)
Microsoft Internet Explorer 7 - RCE
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
by David Kennedy (ReL1K)
TYPO3 <4.0.12-4.3alpha1 - Info Disclosure
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
by Lolek
UltraVNC 1.0.2-1.0.5 & TightVnc 1.3.9 - DoS/Code Injection
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.
by desi
PyCrypto ARC2 2.0.1 - Buffer Overflow
Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length.
by Mike Wiacek
By Source