Exploitdb Exploits
4,724 exploits tracked across all sources.
Faststone Image Viewer < 7.5 - Out-of-Bounds Write
FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.
by Paolo Stagno
CVSS 7.8
GeoGebra Graphing Calculator <6.0.631.0 - DoS
GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application to become unresponsive.
by Brian Rodriguez
CVSS 7.5
GeoGebra Classic <5.0.631.0-d - DoS
GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:' input field to trigger an application crash.
by Brian Rodriguez
CVSS 7.5
GeoGebra CAS Calculator <6.0.631.0 - DoS
GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload with 8000 repeated characters and paste it into the calculator's input field to trigger an application crash.
by Brian Rodriguez
CVSS 9.8
Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution (File Upload + SQL injection)
by Christian Vierschilling
Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure
by Berkan Er
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by F5
CVSS 9.1
Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated)
by Richard Jones
Nsasoft US LLC SpotAuditor <5.3.5 - Buffer Overflow
An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering.
by Enes Özeser
CVSS 7.5
Microsoft Exchange Server - Path Traversal
Microsoft Exchange Server Remote Code Execution Vulnerability
by testanull
CVSS 7.8
Atlassian Data Center < 7.13.6 - Information Disclosure
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.
by Dolev Farhi
CVSS 5.3
Golden FTP Server <1.92 - Buffer Overflow
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector is already covered by CVE-2005-0634.
by 1F98D
Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)
by Christian Vierschilling
Textpattern <4.8.3 - Authenticated RCE
Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through a specific URL parameter.
by Ricardo Ruiz
CVSS 8.8
AnyDesk <5.5.3 - RCE
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
by scryh
CVSS 9.8
Tt-rss Tiny Tiny Rss < 2020-09-16 - Improper Input Validation
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
by Daniel Neagaru
CVSS 9.8
WiFi Mouse - RCE
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
by H4rk3nz0
CVSS 9.8
Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated)
by Christian Vierschilling
Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)
by Christian Vierschilling
Vmware Cloud Foundation < 3.10.1.2 - Path Traversal
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
by Photubias
CVSS 9.8
Remote Desktop Web Access - Authentication Timing Attack (Metasploit Module)
by Matthew Dunn
Unified Remote 3.9.0.2463 - RCE
Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download and execute malicious payloads.
by H4rk3nz0
CVSS 9.8
Nsasoft US LLC SpotAuditor <5.3.5 - Buffer Overflow
An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering.
by Sinem Şahin
CVSS 7.5
SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC)
by Sinem Şahin
By Source