Exploitdb Exploits
4,724 exploits tracked across all sources.
Phoenix Contact ILC PLCs - Info Disclosure
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
by Photubias
CVSS 7.3
Phoenix Contact ILC PLCs - Info Disclosure
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
by Photubias
CVSS 7.3
Phoenix Contact ILC PLC - Info Disclosure
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.
by Photubias
CVSS 7.3
Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass)
by Matteo Malvica
Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass)
by Matteo Malvica
Imperva SecureSphere <13.2.10 - Command Injection
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.
by rsp3ar
CVSS 9.8
Imperva SecureSphere <v13 - RCE
Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface.
by rsp3ar
CVSS 8.1
FLIR thermal traffic cameras - SSRF
FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially initiate denial of service by sending crafted WebSocket messages without authentication.
by LiquidWorm
CVSS 7.5
Imperva SecureSphere <13.1.0.10 - Command Injection
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.
by rsp3ar
CVSS 8.8
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) (ASLR Bypass)
by Miguel Mendez Z
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) (ASLR Bypass)
by Miguel Mendez Z
FTP Voyager 16.2.0 Denial of Service via Malformed Site Profile
FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP field to trigger a buffer overflow that crashes the FTP Voyager process.
by Abdullah Alıç
CVSS 6.2
Zahir Accounting Enterprise Plus <6 - RCE
Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu.
by SPARC
CVSS 7.8
CrossFont 7.5 Denial of Service via License Key Field
CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an application crash when processing the input.
by Gionathan Reale
CVSS 6.2
TransMac 12.2 Denial of Service via License Key Field
TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a denial of service condition.
by Gionathan Reale
CVSS 6.2
Faleemi Desktop Software 1.8.2 Local Buffer Overflow SEH
Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within the Managing Log interface to execute arbitrary code with calculator proof-of-concept execution.
by Gionathan Reale
CVSS 8.4
Easy PhoroResQ 1.0 - Buffer Overflow
by Cemal Cihad ÇİFTÇİ
Termite 3.4 Denial of Service via Settings Buffer Overflow
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the application.
by Abdullah Alıç
CVSS 6.2
SoftX FTP Client 3.3 - Denial of Service (PoC)
by Cemal Cihad ÇİFTÇİ
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
by Erenay Gencay
By Source