Exploitdb Exploits
4,724 exploits tracked across all sources.
RemoteMouse 3.008 - Arbitrary Remote Command Execution
by 0rphon
MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow
by Dino Covotsos
MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow
by Dino Covotsos
FTP Shell Server 6.83 Buffer Overflow via Account Name
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.
by Dino Covotsos
CVSS 8.4
FTPShell Server 6.83 - 'Virtual Path Mapping' Local Buffer
by Dino Covotsos
FTPShell Server 6.83 - 'Virtual Path Mapping' Local Buffer
by Dino Covotsos
Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Unauthenticated Remote Code Execution
by Julien Ahrens
Apache Axis < 7.3.5 - SSRF
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
by David Yesland
CVSS 7.5
TP-Link TL-WR940N - Buffer Overflow
TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
by Grzegorz Wypych
CVSS 8.8
River Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input.
by Chris Au
CVSS 8.4
Download Accelerator Plus DAP 10.0.6.0 SEH Buffer Overflow
Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and executes embedded shellcode when imported through the application's web page import functionality.
by Peyman Forouzan
CVSS 9.8
FlexHEX 2.71 Local Buffer Overflow via SEH Unicode
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, paste the contents into the Stream Name dialog, and execute arbitrary commands like calc.exe when the exception handler is triggered.
by Chris Au
CVSS 8.4
Netatalk <3.1.12 - RCE
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
by muts
CVSS 9.8
AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via Logging
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging preferences to overflow the buffer and trigger code execution when the application processes the log file path.
by Peyman Forouzan
CVSS 8.4
Zoho ManageEngine ServiceDesk 9.3 - Privilege Escalation
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.
by Ata Hakçıl_ Melih Kaan Yıldız
CVSS 8.8
Magic Iso Maker 5.5 Buffer Overflow Denial of Service
Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Attackers can generate a file containing 5000 bytes of data, paste it into the Serial Code field during registration, and trigger a denial of service condition that crashes the application.
by Alejandra Sánchez
CVSS 6.2
FreeSMS 2.1.2 - SQL Injection
FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to /pages/crc_handler.php?method=login to authenticate as any known user and subsequently modify their password via the profile update function.
by Yilmaz Degirmenci
CVSS 8.2
By Source