Exploitdb Exploits
4,728 exploits tracked across all sources.
Tp-link Wr940n Firmware - Memory Corruption
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.
by Fidus InfoSecurity
CVSS 8.8
Asx TO Mp3 Converter - Memory Corruption
ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324.
by Parichay Rai
CVSS 7.8
Flexense VX Search - Memory Corruption
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code.
by Revnic Vasile
CVSS 9.8
Apache Tomcat < 7.0.82 - Unrestricted File Upload
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
by intx0x80
CVSS 8.1
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1642. Reason: This candidate is a reservation duplicate of CVE-2009-1642.2. Notes: All CVE users should reference CVE-2009-1642 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
by Nitesh Shilpkar
Emtec Pyrobatchftp < 3.17 - Memory Corruption
EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash).
by Kevin McGuigan
CVSS 7.5
Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Local Buffer Overflow (SEH)
by Venkat Rajgor
dnsmasq <2.78 - Buffer Overflow
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
by Google Security Research
CVSS 9.8
dnsmasq <2.78 - DoS
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
by Google Security Research
CVSS 7.5
dnsmasq <2.78 - DoS
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
by Google Security Research
CVSS 7.5
dnsmasq <2.78 - Info Disclosure
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
by Google Security Research
CVSS 5.9
dnsmasq <2.78 - Buffer Overflow
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
by Google Security Research
CVSS 9.8
dnsmasq <2.78 - Buffer Overflow
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
by Google Security Research
CVSS 9.8
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow
by Owais Mehtab
Dup Scout Enterprise 10.0.18 - 'Import Command' Local Buffer Overflow
by Touhid M.Shaikh
Trend Micro OfficeScan <11.0 - Memory Corruption
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
by hyp3rlinx
CVSS 9.8
FileRun <2017.09.18 - SQL Injection
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).
by SPARC
CVSS 9.8
Intelbras WRN 150 - Authentication Bypass
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.
by Elber Tavares
CVSS 9.8
DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow
by Touhid M.Shaikh
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow (PoC)
by Touhid M.Shaikh
Mikrotik Routerboard - Improper Input Validation
MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS.
by Mr Bruce
CVSS 7.5
Oracle Virtual Desktop Infrastructure - Insecure Deserialization
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
by SlidingWindow
CVSS 9.8
Oracle 9i Database Release 2 - Buffer Overflow
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
by Charles Dardaman
By Source