Exploitdb Exploits
31,329 exploits tracked across all sources.
SoundTouch 1.9.2 - DoS
The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.
by qflb.wu
CVSS 5.5
Fortinet Fortios < 5.6.0 - XSS
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the action input during the activation of a FortiToken.
by patryk_bogdan
CVSS 6.1
Fortinet Fortios - XSS
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
by patryk_bogdan
CVSS 5.4
SoundTouch 1.9.2 - DoS
The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.
by qflb.wu
CVSS 5.5
libjpeg-turbo 1.5.1 - DoS
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API.
by qflb.wu
CVSS 8.8
LAME 3.99.5 - DoS
The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.
by qflb.wu
CVSS 5.5
Fortinet Fortios < 5.6.0 - XSS
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
by patryk_bogdan
CVSS 6.1
Joomla! Component CCNewsLetter 2.1.9 - 'sbid' SQL Injection
by Shahab Shamsi
GNU Libiberty - Integer Overflow
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
by Marcel Böhme
CVSS 7.8
WordPress Plugin Ads Pro < 3.4 - Cross-Site Scripting / SQL Injection
by 8bitsec
Friends in War Make or Break 1.7 - Authentication Bypass
by Adam
WebKit JSC - 'ObjectPatternNode::appendEntry' Stack Use-After-Free
by Google Security Research
REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution
by RedTeam Pentesting
REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure
by RedTeam Pentesting
WordPress Examapp Plugin 1.0 - SQL Injection
The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.
by 8bitsec
CVSS 8.8
WordPress examapp <1.0 - XSS
The examapp plugin 1.0 for WordPress has XSS via exam input text fields.
by 8bitsec
CVSS 5.4
Joomla! Component JoomRecipe 1.0.4 - 'search_author' SQL Injection
by Teng
VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass
by Viktoras
Virtual Postage (VPA) - Man In The Middle Remote Code Execution
by intern0t