Exploitdb Exploits
31,330 exploits tracked across all sources.
WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting
by Julien Rentrop
NUUO NVRmini <3.0.0 - Buffer Overflow
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
by Pedro Ribeiro
CVSS 8.8
Wireshark <2.0.5 - DoS
The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
by Igor
CVSS 5.9
Wireshark 2.x <2.0.5 - DoS
epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.
by Antti Levomäki
CVSS 5.9
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - WSP Dissector Denial of Service
by Chris Benedict
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - RLC Dissector Denial of Service
by Antti Levomäki
Wireshark <1.12.13, <2.0.5 - DoS
epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
by Chris Benedict
CVSS 5.9
Wireshark <1.12.13 - DoS
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
by Chris Benedict
CVSS 5.9
Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)
by Vinesh Redkar
WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting
by Dennis Kerdijk & Erwin Kievith
WordPress Plugin Booking Calendar 6.2 - SQL Injection
by Edwin Molenaar
WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery (Add/Import Arbitrary Subscribers)
by Yorick Koster
WordPress Plugin Ultimate Product Catalog 3.9.8 - do_shortcode via ajax Blind SQL Injection
by i0akiN SEC-LABORATORY
Trend Micro Deep Discovery Inspector <3.8 - RCE
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
by korpritzombie
CVSS 7.2
AXIS network cameras - Command Injection
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
by Orwelllabs
CVSS 8.8
Linux Kernel (ARM/ARM64) - 'perf_event_open()' Arbitrary Memory Read
by Google Security Research
Iris ID IrisAccess iCAM4000/iCAM7000 - Hard-Coded Credentials Remote Shell Access
by LiquidWorm
Iris ID IrisAccess ICU 7000-2 - Remote Command Execution
by LiquidWorm