Exploitdb Exploits

4,724 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25588 EXPLOITDB MEDIUM python
BulletProof FTP Server 2019.0.0.50 Denial of Service via DNS Address
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to trigger a crash when the Test function is invoked.
by Victor Mondragón
CVSS 6.2
CVE-2019-25587 EXPLOITDB MEDIUM python
BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 500 bytes or more to trigger an application crash when saving the configuration.
by Victor Mondragón
CVSS 6.2
CVE-2019-25550 EXPLOITDB MEDIUM python
Encrypt PDF 2.3 Denial of Service via Buffer Overflow
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an application crash when importing PDF files.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25549 EXPLOITDB MEDIUM python
VeryPDF PCL Converter 2.7 Denial of Service via PDF Security
VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buffer overflow by entering a 3000-byte password in the PDF Security encryption fields, causing the application to crash when processing PCL files.
by Alejandra Sánchez
CVSS 6.2
CVE-2014-9415 EXPLOITDB python
Huawei eSpace Desktop <V100R001C03 - DoS
Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file.
by LiquidWorm
EIP-2026-115161 EXPLOITDB python
docPrint Pro 8.0 - Denial of Service (PoC)
by Alejandra Sánchez
EIP-2026-114829 EXPLOITDB python
AbsoluteTelnet 10.16 - 'License name' Denial of Service (PoC)
by Victor Mondragón
CVE-2019-12185 EXPLOITDB HIGH python
eLabFTW 1.8.5 - Command Injection
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
by liquidsky
CVSS 8.8
CVE-2019-25553 EXPLOITDB MEDIUM python
CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image
CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25552 EXPLOITDB HIGH python
CEWE PHOTO SHOW 6.4.3 Denial of Service via Password Field
CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload process to trigger an application crash.
by Alejandra Sánchez
CVSS 7.5
CVE-2019-25551 EXPLOITDB MEDIUM python
Sandboxie 5.30 Denial of Service via Program Alerts Buffer Overflow
Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' field during program alert configuration to trigger an application crash.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-1821 EXPLOITDB HIGH python VERIFIED
Cisco Prime Infrastructure/EPN Manager - RCE
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
by mr_me
CVSS 8.8
CVE-2019-25590 EXPLOITDB MEDIUM python
Axessh 4.2 Denial of Service via Log File Name
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection.
by Victor Mondragón
CVSS 6.2
CVE-2019-25609 EXPLOITDB HIGH python
JetAudio jetCast Server 2.0 Local SEH Buffer Overflow
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges.
by Connor McGarr
CVSS 8.4
CVE-2019-25607 EXPLOITDB HIGH python
Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.
by Victor Mondragón
CVSS 8.4
CVE-2019-25589 EXPLOITDB MEDIUM python
ZOC Terminal 7.23.4 Buffer Overflow Denial of Service
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when accessing the Command Shell feature.
by Victor Mondragón
CVSS 6.2
EIP-2026-116657 EXPLOITDB python
ZOC Terminal v7.23.4 - 'Private key file' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-116656 EXPLOITDB python
ZOC Terminal v7.23.4 - 'Private key file' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-116653 EXPLOITDB python
ZOC Terminal 7.23.4 - 'Script' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-116652 EXPLOITDB python
ZOC Terminal 7.23.4 - 'Script' Denial of Service (PoC)
by Victor Mondragón
CVE-2018-10608 EXPLOITDB HIGH python
SEL AcSELerator Architect <2.2.24.0 - DoS
SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required.
by LiquidWorm
CVSS 7.5
CVE-2019-25554 EXPLOITDB MEDIUM python
Tomabo MP4 Converter 3.25.22 Denial of Service via Name Field
Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset in the Video/Audio Formats options, causing the application to crash when Reset All is clicked.
by Alejandra Sánchez
CVSS 5.5
CVE-2019-25558 EXPLOITDB MEDIUM python
Selfie Studio 2.17 Denial of Service via Resize Image
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer overflow that crashes the application.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25557 EXPLOITDB MEDIUM python
TwistedBrush Pro Studio 24.06 Denial of Service via srp File
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp file containing an excessively large buffer and import it through the Script Player interface to trigger an application crash.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25556 EXPLOITDB MEDIUM python
TwistedBrush Pro Studio 24.06 Resize Image Denial of Service
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer overflow that causes the application to crash.
by Alejandra Sánchez
CVSS 6.2
By Source
All 4,724 Exploitdb 50,121 Writeup 46,832 Nomisec 21,205 Metasploit 3,189 Github 2,268 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,746 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 73 go 41 postscript 25 xml 24