Exploitdb Exploits

4,759 exploits tracked across all sources.

CVE-2018-1000115 EXPLOITDB HIGH python
memcached 1.5.5 - Denial of Service via UDP Traffic Amplification
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appears to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
by 649
CVSS 7.5
EIP-2026-117076 EXPLOITDB python
Dup Scout Enterprise 10.5.12 - 'Share Username' Local Buffer Overflow
by bzyo
EIP-2026-102675 EXPLOITDB python
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (2)
by Alex Conrey
EIP-2026-117360 EXPLOITDB python VERIFIED
iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow
by ScrR1pTK1dd13
EIP-2026-117357 EXPLOITDB python
IrfanView 4.50 Email Plugin - Buffer Overflow (SEH Unicode)
by bzyo
EIP-2026-117356 EXPLOITDB python
IrfanView 4.44 Email Plugin - Buffer Overflow (SEH)
by bzyo
CVE-2018-7449 EXPLOITDB HIGH python
SEGGER embOS/IP FTP Server < 3.22a - Denial of Service via Invalid LIST STOR or RETR Command
SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.
by hyp3rlinx
CVSS 7.5
EIP-2026-118604 EXPLOITDB python
GetGo Download Manager 5.3.0.2712 - Buffer Overflow (SEH)
by bzyo
CVE-2018-0833 EXPLOITDB MEDIUM python VERIFIED
Windows 8.1, RT 8.1, and Server 2012 R2 - Denial of Service via SMBv2/SMBv3 Client Null Pointer Dereference
The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability".
by Nabeel Ahmed
CVSS 5.3
CVE-2017-18195 EXPLOITDB MEDIUM python
Concrete CMS < 8.3.0 - Unauthenticated Comment Enumeration via cnvID Parameter
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
by Chapman Schleiss
CVSS 5.3
EIP-2026-102697 EXPLOITDB python
netek 0.8.2 - Denial of Service
by Lawrence Amer
CVE-2018-7284 EXPLOITDB HIGH python VERIFIED
Asterisk Buffer Overflow via SUBSCRIBE Request Accept Headers
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.
by EnableSecurity
CVSS 7.5
EIP-2026-102562 EXPLOITDB python VERIFIED
Asterisk chan_pjsip 15.2.0 - 'SDP' Denial of Service
by EnableSecurity
EIP-2026-102561 EXPLOITDB python VERIFIED
Asterisk chan_pjsip 15.2.0 - 'SDP fmtp' Denial of Service
by EnableSecurity
CVE-2018-7286 EXPLOITDB MEDIUM python VERIFIED
Asterisk 13.x-13.19.1, 14.x<14.7.5, 15.x-15.2.1, Certified Asterisk <13.18 - DoS via SIP INVITE
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
by EnableSecurity
CVSS 6.5
CVE-2018-6947 EXPLOITDB HIGH python
NoMachine < 6.0.66_2 - Local Privilege Escalation via Uninitialized Stack Variable in nxfuse
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
by Fidus InfoSecurity
CVSS 7.8
CVE-2018-25221 EXPLOITDB CRITICAL python
EChat Server 3.1 Buffer Overflow via chat.ghp username Parameter
EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context.
by Juan Sacco
CVSS 9.8
CVE-2018-6481 EXPLOITDB CRITICAL python
Flexense Disksavvy - Memory Corruption
A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124.
by Daniel Teixeira
CVSS 9.8
CVE-2017-7310 EXPLOITDB HIGH python
DiskBoss < 8.9 - Buffer Overflow via Import Command XML Name Attribute
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
by Daniel Teixeira
CVSS 7.8
CVE-2018-7254 EXPLOITDB HIGH python
WavPack 5.1.0 - Denial of Service via Malicious CAF File
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
by r4xis
CVSS 7.8
EIP-2026-112933 EXPLOITDB python
UserSpice 4.3 - Blind SQL Injection
by Dolev Farhi
CVE-2015-5374 EXPLOITDB python
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module: All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module: All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module: All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module: All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80: All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device.
by M. Can Kurnaz
CVE-2018-6323 EXPLOITDB HIGH python
GNU Binutils - Integer Overflow in elf_object_p
The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
by r4xis
CVSS 7.8
CVE-2018-5767 EXPLOITDB CRITICAL python
Tenda AC15 <V15.03.1.16_multi - RCE
An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
by Tim Carrington
CVSS 9.8
CVE-2018-6892 EXPLOITDB CRITICAL python VERIFIED
CloudMe Sync < 1.10.9 - Unauthenticated Remote Buffer Overflow via Port 8888
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
by hyp3rlinx
CVSS 9.8