Text Exploits
31,386 exploits tracked across all sources.
Sound eXchange 14.4.2 - Denial of Service via Crafted SND File Conversion
The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.
by qflb.wu
CVSS 5.5
Xiph.Org libao 1.2.0 - Memory Corruption
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.
by qflb.wu
CVSS 5.5
DivFix++ - Out-of-bounds Write in AVI Header Fix Function
The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in DivFix++ v0.34 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted avi file.
by qflb.wu
CVSS 5.5
SoundTouch 1.9.2 - Denial of Service via Crafted WAV File
The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.
by qflb.wu
CVSS 5.5
SoundTouch 1.9.2 - Denial of Service via Crafted WAV File
The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.
by qflb.wu
CVSS 5.5
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting via FortiToken Activation Action Input
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the action input during the activation of a FortiToken.
by patryk_bogdan
CVSS 6.1
FortiOS 5.4.0-5.4.4 and 5.6.0 - Cross-Site Scripting via FortiView Applications Filter Input
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
by patryk_bogdan
CVSS 5.4
SoundTouch 1.9.2 - Denial of Service via Crafted WAV File
The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.
by qflb.wu
CVSS 5.5
libjpeg-turbo 1.5.1 - Denial of Service via Crafted JPG File
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API.
by qflb.wu
CVSS 8.8
LAME 3.99.5 - Denial of Service via Crafted WAV File
The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.
by qflb.wu
CVSS 5.5
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting via SSL-VPN Replacement Message
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
by patryk_bogdan
CVSS 6.1
Joomla! Component CCNewsLetter 2.1.9 - 'sbid' SQL Injection
by Shahab Shamsi
GNU libiberty - Remote Code Execution via Integer Overflow in cplus-dem.c
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
by Marcel Böhme
CVSS 7.8
WordPress Plugin Ads Pro < 3.4 - Cross-Site Scripting / SQL Injection
by 8bitsec
Friends in War Make or Break 1.7 - Authentication Bypass
by Adam
WebKit JSC - 'ObjectPatternNode::appendEntry' Stack Use-After-Free
by Google Security Research
REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution
by RedTeam Pentesting
REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure
by RedTeam Pentesting
Joomla JoomRecipe 1.0.4 Component Blind SQL Injection via search_author
Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques.
by Teng
CVSS 8.2
WordPress Examapp Plugin 1.0 - SQL Injection
The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.
by 8bitsec
CVSS 8.8
ibps_online_exam - Cross-Site Scripting via Exam Input Text Fields
The examapp plugin 1.0 for WordPress has XSS via exam input text fields.
by 8bitsec
CVSS 5.4