Exploitdb Exploits
31,337 exploits tracked across all sources.
Wireshark - Improper Input Validation
epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.
by Google Security Research
CVSS 5.5
Wireshark - Improper Input Validation
The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
by Google Security Research
CVSS 5.3
Wireshark - Improper Input Validation
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
by Google Security Research
CVSS 5.5
Wireshark - Improper Input Validation
The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
by Google Security Research
CVSS 5.5
Wireshark - Memory Corruption
The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
by Google Security Research
CVSS 5.5
Wireshark - Improper Input Validation
The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
by Google Security Research
CVSS 5.5
FireEye - Wormable Remote Code Execution in MIP JAR Analysis
by Tavis Ormandy & Natalie Silvanovich
Tequila File Hosting 1.5 - Multiple Vulnerabilities
by Ashiyane Digital Security Team
Ovidentia bulletindoc Module 2.9 - Multiple Remote File Inclusions
by bd0rk
ArticleSetup Article Script 1.00 - SQL Injection
by Linux Zone Research Team
Microsoft Windows 10 - Access Control
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
by Google Security Research
WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation
by Kacper Szurek
ECommerceMajor - 'productdtl.php?prodid' SQL Injection
by Rahul Pratap Singh
Bitrix <1.0.4 - Path Traversal
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.
by High-Tech Bridge SA
Bitrix <1.0.12 - Path Traversal
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.
by High-Tech Bridge SA
Adobe Flash Player <18.0.0.255,19.x<19.0.0.226 - RCE
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647.
by Google Security Research
Adobe Flash Player <18.0.0.255,19.x<19.0.0.226 - RCE
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648.
by Google Security Research
Polycom VVX-Series Business Media Phones - Directory Traversal
by Jake Reynolds
GoAutoDial CE 3.3 - Multiple SQL Injections / Command Injection
by R-73eN
Avast! - Integer Overflow Verifying numFonts in TTC Header
by Google Security Research
Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption
by Google Security Research
Avast! - Out-of-Bounds Write Decrypting PEncrypt Packed executables
by Google Security Research
By Source