Exploitdb Exploits
50,186 exploits tracked across all sources.
UltraVNC Launcher 1.2.4.0 - DoS
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash.
by chuyreds
CVSS 7.5
UltraVNC Launcher 1.2.4.0 - DoS
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality.
by chuyreds
CVSS 6.2
Nsauditor Product Key Explorer <4.2.2.0 - DoS
Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash.
by 0xMoHassan
CVSS 6.2
Nsauditor 3.2.0.0 - DoS
Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name field.
by 0xMoHassan
CVSS 7.5
Memu Play 7.1.3 - Privilege Escalation
Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file modification permissions.
by chuyreds
CVSS 9.8
Triologic Media Player 8 - '.m3l' Buffer Overflow (Unicode) (SEH)
by Felipe Winsnes
Limesurvey < 4.1.11 - XSS
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
by Matthew Aberegg
CVSS 5.4
Limesurvey < 4.1.11 - Path Traversal
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
by Matthew Aberegg
CVSS 9.8
WhatsApp Desktop <0.3.9309 - XSS
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
by Gal Weizman
CVSS 8.2
Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)
by Mehmet Ince
Netgate Pfsense < 2.4.5 - XSS
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
by Matthew Aberegg
CVSS 5.4
AIDA64 Engineer 6.20.5300 - 'Report File' filename Buffer Overflow (SEH)
by Hodorsec
Pandora FMS 7.0NG - 'net_tools.php' Remote Code Execution
by Basim Alabdullah
PHP-Fusion 9.03.50 - RCE
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panel_content POST parameters to the panels.php administration endpoint to execute malicious code.
by Unkn0wn
CVSS 6.1
Flexsense DiskBoss 7.7.14 - Buffer Overflow
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field.
by Paras Bhatia
CVSS 7.8
Flexsense DiskBoss 7.7.14 - DoS
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.
by Paras Bhatia
CVSS 7.5
10Strike LANState 9.32 - 'Force Check' Buffer Overflow (SEH)
by Hodorsec
Microsoft .net Framework - Remote Code Execution
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.
by Metasploit
CVSS 9.8
FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)
by Paras Bhatia
IBM Planning Analytics <2.0.9 - Privilege Escalation
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.
by Metasploit
CVSS 9.8
Redis - Replication Code Execution (Metasploit)
by Metasploit
Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection
by Jacob Baines
Grandstream UCM6200 <1.0.20.22 - SQL Injection
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
by Jacob Baines
CVSS 7.5
By Source