Exploitdb Exploits
4,759 exploits tracked across all sources.
ebrigade < 4.5 - Arbitrary File Download via showfile.php File Parameter
eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.
by AkkuS
CVSS 4.3
CF Image Hosting Script 1.6.5 Unauthorized Database Access
CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via the d parameter.
by David Tavarez
CVSS 9.8
BlueAuditor 1.7.2.0 Buffer Overflow Denial of Service via Registration Key
BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key registration field, causing the application to crash during registration processing.
by Luis Martínez
CVSS 6.2
SpotFTP Password Recover 2.4.2 Denial of Service via Name Field
SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Attackers can generate a 256-byte payload, paste it into the Name input field, and trigger a crash when submitting the registration code.
by Luis Martínez
CVSS 6.2
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
by Luis Martínez
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
by Luis Martínez
Huawei E5180s-22 Firmware < 21.270.21.00.00 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors.
by Nathu Nandwani
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
by Luis Martínez
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
by Luis Martínez
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)
by Luis Martínez
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)
by Luis Martínez
nftp < 2.0 - Remote Code Execution via Buffer Overflow
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
by Uday Mittal
CVSS 9.8
vtiger CRM < 7.1.0 - Unauthenticated Remote Code Execution via PHP3 Logo Upload Bypass
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php.
by AkkuS
CVSS 7.2
Iperius Backup 5.8.1 Local Buffer Overflow SEH
Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location field that triggers a buffer overflow when the backup job executes, enabling code execution with application privileges.
by bzyo
CVSS 8.4
MAGIX Music Editor 3.1 Buffer Overflow via SEH
MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload, paste it into the Server field via the CD menu's FreeDB Proxy Options, and trigger code execution when settings are accepted.
by bzyo
CVSS 8.4
Terminal Services Manager 3.1 Buffer Overflow SEH
Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard.
by bzyo
CVSS 8.4
Angry IP Scanner for Linux 3.5.3 Denial of Service
Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences Ports tab to trigger an application crash.
by Sam
CVSS 6.2
By Source