Exploitdb Exploits
4,724 exploits tracked across all sources.
Openbsd Openssh < 7.9 - Path Traversal
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
by Harry Sintonen
CVSS 5.9
RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.
by bzyo
CVSS 8.4
eBrigade <4.5 - Path Traversal
eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.
by AkkuS
CVSS 4.3
CF Image Hosting Script 1.6.5 Unauthorized Database Access
CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via the d parameter.
by David Tavarez
CVSS 9.8
BlueAuditor 1.7.2.0 Buffer Overflow Denial of Service via Registration Key
BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key registration field, causing the application to crash during registration processing.
by Luis Martínez
CVSS 6.2
SpotFTP Password Recover 2.4.2 Denial of Service via Name Field
SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Attackers can generate a 256-byte payload, paste it into the Name input field, and trigger a crash when submitting the registration code.
by Luis Martínez
CVSS 6.2
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
by Luis Martínez
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
by Luis Martínez
Huawei E5180s-22 Firmware - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors.
by Nathu Nandwani
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
by Luis Martínez
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
by Luis Martínez
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)
by Luis Martínez
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)
by Luis Martínez
Nftp < 2.0 - Buffer Overflow
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
by Uday Mittal
CVSS 9.8
Vtiger CRM 7.1.0 - Code Injection
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php.
by AkkuS
CVSS 7.2
Iperius Backup 5.8.1 Local Buffer Overflow SEH
Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location field that triggers a buffer overflow when the backup job executes, enabling code execution with application privileges.
by bzyo
CVSS 8.4
MAGIX Music Editor 3.1 Buffer Overflow via SEH
MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload, paste it into the Server field via the CD menu's FreeDB Proxy Options, and trigger code execution when settings are accepted.
by bzyo
CVSS 8.4
Terminal Services Manager 3.1 Buffer Overflow SEH
Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard.
by bzyo
CVSS 8.4
By Source