Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-1325 EXPLOITDB perl
Mini-stream Ripper 3.0.1.1 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
CVE-2009-1326 EXPLOITDB perl
Mini-stream RM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
CVE-2009-1328 EXPLOITDB perl
Mini-stream RM-MP3 Converter 3.0.0.7 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
CVE-2009-1329 EXPLOITDB perl
Mini-stream Shadow Stream Recorder 3.0.1.7 - Remote Code Execution via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream Shadow Stream Recorder 3.0.1.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
CVE-2008-2031 EXPLOITDB c
VicFTPS 5.0 - Denial of Service via Crafted LIST Command
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2001-1156 EXPLOITDB perl
TYPSoft FTP 0.95 - Denial of Service via STOR or RETR Path Traversal
TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.
CVE-2014-7221 EXPLOITDB MEDIUM
TeamSpeak 3 < 3.0.14 - Authenticated Denial of Service via Crafted BBCode Image Tag
TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab containing [img]//http:// substrings.
CVSS 6.5
CVE-2008-2859 EXPLOITDB python
SurgeMail < 3.9g - Denial of Service via IMAP Command
Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."
CVE-2004-1194 EXPLOITDB c
Star Wars Battlefront 1.11 - Denial of Service via Long Nickname
Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a long nickname.
CVE-2011-4220 EXPLOITDB python
SlimPDF Reader - DoS/Code Injection
Investintech.com SlimPDF Reader does not properly restrict the arguments to unspecified function calls, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.
CVE-2011-4221 EXPLOITDB python
Investintech.com Able2Doc/Able2Doc Pro - DoS/Code Injection
Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc Professional allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.
CVE-2011-4529 EXPLOITDB
Siemens Automation License Manager < 5.1 - Remote Code Execution via Long SerialID in License Key Command
Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command.
CVE-2011-4530 EXPLOITDB
Siemens Automation License Manager < 5.1 - Denial of Service via Long Field Input
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.
CVE-2011-4531 EXPLOITDB
Siemens Automation License Manager < 5.1 - DoS via Crafted Commands
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command.
CVE-2012-3815 EXPLOITDB
Winlog Lite < 2.07.18 - Remote Code Execution via Crafted TCP Packet
Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information.
CVE-2012-4353 EXPLOITDB
Winlog Pro < 2.07.17 - Remote Code Execution via Crafted TCP Packet
Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function, a different vulnerability than CVE-2012-3815. NOTE: some of these details are obtained from third party information.
CVE-2012-4354 EXPLOITDB
Winlog Pro and Winlog Lite < 2.07.17 - Remote Code Execution via Crafted TCP Packet
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information.
CVE-2012-4355 EXPLOITDB
Winlog Pro and Winlog Lite < 2.07.18 - Remote Code Execution via Crafted TCP Packet
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354.
CVE-2012-4356 EXPLOITDB
Winlog Pro < 2.07.17 - Unauthenticated Path Traversal via TCP Port 46824 File Operations
Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.
CVE-2005-3486 EXPLOITDB c
Scorched 3D 39.1 (bf) and earlier - Remote Code Execution via Format String Vulnerabilities
Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, and possibly other unspecified vectors.
CVE-2005-3487 EXPLOITDB c
Scorched 3D 39.1 (bf) and earlier - Remote Code Execution via Multiple Buffer Overflows
Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, (4) a long command that is not properly handled in ComsMessageHandler.cpp when generating an error message, (5) a long UniqueID value in Logger.cpp, and possibly other unspecified vectors.
CVE-2006-1100 EXPLOITDB c
Sauerbraten Cube - Buffer Overflow via Long Input Streams
Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data.
CVE-2006-1101 EXPLOITDB c
Sauerbraten Cube - Denial of Service via Long Input Stream in sgetstr and getint Functions
The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint.
CVE-2006-1102 EXPLOITDB c
Sauerbraten 2006_02_28 - Denial of Service via Map File Path Traversal
Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension.
CVE-2011-1516 EXPLOITDB
Apple Mac OS X 10.5.x-10.7.x - Privilege Escalation
The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303.
By Source
All 50,076 Writeup 62,204 Exploitdb 50,076 Nomisec 22,391 Github 3,608 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,563 ruby 6,002 c 3,626 perl 2,849 html 2,075 php 1,333 bash 462 java 370 c++ 260 javascript 229 shell 131 go 73 postscript 25 typescript 25