Text Exploits
31,386 exploits tracked across all sources.
GNU Binutils - Buffer Overflow in objdump Disassemble Function
The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution.
by Alexandre Adamski
CVSS 7.8
GNU Binutils - Buffer Overflow in bfin-dis.c *regs* Macros
The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
by Alexandre Adamski
CVSS 7.8
GNU Binutils 2.28 - Buffer Overflow in ieee_archive_p Function
The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug.
by Alexandre Adamski
CVSS 7.8
GNU Binutils 2.28 - Buffer Overflow
The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
by Alexandre Adamski
CVSS 7.8
Joomla JoomRecipe 1.0.3 SQL Injection via category parameter
Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the category path segment to extract sensitive database information.
by EziBilisim
CVSS 8.2
KBVault Mysql Free Knowledge Base <0.16a - RCE
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code.
by Fatih Emiral
CVSS 9.8
LG MRA58K - Out-of-Bounds Heap Read in CAVIFileParser::Destroy Resulting in Invalid Free
by Google Security Research
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing
by Google Security Research
LG MRA58K - 'ASFParser::ParseHeaderExtensionObjects' Missing Bounds-Checking
by Google Security Research
GStreamer < 1.10.1 - Denial of Service via MPEG-TS PAT Parser
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
by Hanno Boeck
CVSS 5.5
Easy File Sharing Web Server 7.2 - Authentication Bypass
by Touhid M.Shaikh
WP Jobs < 1.4 - Authenticated SQL Injection via jobid Parameter
SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.
by Dimitrios Tsagkarakis
CVSS 8.8
libquicktime 1.2.4 - Denial of Service via Crafted MP4 File
The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
libquicktime - Denial of Service via Crafted MP4 File
The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
libquicktime - Denial of Service via Heap-Based Buffer Over-Read in lqt_frame_duration
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
libquicktime 1.2.4 - Denial of Service via Crafted MP4 File
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
libquicktime 1.2.4 - Denial of Service via Crafted MP4 File
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
libquicktime 1.2.4 - Denial of Service via Crafted MP4 File
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
libcroco 0.6.12 - Denial of Service via Crafted CSS File
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
by qflb.wu
CVSS 6.5
nuevomailer < 6.0 - SQL Injection via r Parameter
SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter.
by Oleg Boytsev
CVSS 9.8
libquicktime 1.2.4 - Denial of Service via Crafted MP4 File
The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
By Source