Exploitdb Exploits
4,724 exploits tracked across all sources.
Rubo DICOM Viewer 2.0 - Buffer Overflow
Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and triggering remote code execution.
by bzyo
CVSS 9.8
Nsauditor 3.0.28-3.2.1.0 - RCE
Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a carefully constructed exploit.
by Cervoise
CVSS 9.8
CODE::BLOCKS 16.01 - Buffer Overflow
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code execution.
by T3jv1l
CVSS 5.5
Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow (SEH + DEP)
by Bailey Belisario
B64dec 1.1.2 - Buffer Overflow
B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during base64 decoding process.
by Andy Bowden
CVSS 9.8
Oracle Coherence 3.7.1.0/12.1.3.0.0/12.2.1.3-4 - RCE
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by nu11secur1ty
CVSS 9.8
Free Desktop Clock 3.0 - Buffer Overflow
Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and potentially execute arbitrary code.
by boku
CVSS 9.8
TVT Nvms-1000 Firmware - Path Traversal
TVT NVMS-1000 devices allow GET /.. Directory Traversal
by Mohin Paramasivam
CVSS 7.5
AbsoluteTelnet 11.12 - 'SSH1/username' Denial of Service (PoC)
by chuyreds
Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal
by Basim Alabdullah
Amcrest - Buffer Overflow
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
by Jacob Baines
CVSS 8.8
ZOC Terminal 7.25.5 - DoS
ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an application crash and cause a denial of service.
by chuyreds
CVSS 6.2
Dnsmasq-utils <2.79-1 - Buffer Overflow
Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string longer than 16 characters.
by JosueEncinar
CVSS 5.5
Bolt CMS <3.7.0 - Authenticated RCE
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend templates. The attacker can then list and rename cached session files via the /async/browse/cache/.sessions and /async/folder/rename endpoints. By renaming a .session file to a path under the publicly accessible /files/ directory with a .php extension, the attacker can turn the injected code into an executable web shell. Finally, the attacker triggers the payload via a crafted HTTP GET request to the rogue file.
NOTE: The vendor announced that Bolt 3 reached end-of-life after 31 December 2021.
by r3m0t3nu11
CVSS 8.8
UltraVNC Viewer 1.2.4.0 - DoS
UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application crash.
by chuyreds
CVSS 7.5
UltraVNC Launcher 1.2.4.0 - DoS
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash.
by chuyreds
CVSS 7.5
UltraVNC Launcher 1.2.4.0 - DoS
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality.
by chuyreds
CVSS 6.2
Nsauditor Product Key Explorer <4.2.2.0 - DoS
Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash.
by 0xMoHassan
CVSS 6.2
Nsauditor 3.2.0.0 - DoS
Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name field.
by 0xMoHassan
CVSS 7.5
Triologic Media Player 8 - '.m3l' Buffer Overflow (Unicode) (SEH)
by Felipe Winsnes
By Source