Exploitdb Exploits
49,983 exploits tracked across all sources.
Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions
by hyp3rlinx
TexasSoft CyberPlanet 6.4.131 - Code Injection
TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and gain elevated system privileges.
by Cristian Ayala G
CVSS 7.8
Online Inventory Manager 3.2 - XSS
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie theft and client-side script execution.
by Cemal Cihad ÇİFTÇİ
CVSS 6.4
GHIA CamIP 1.2 - DoS
GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices.
by Ivan Marmolejo
CVSS 7.5
Mersive Solstice Firmware < 2.8.4 - OS Command Injection
Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root.
by Alexandre Teyar
CVSS 8.8
SpotAuditor 5.3.2 - DoS
SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted into the Base64 Encrypted Password field.
by ZwX
CVSS 7.5
SpotAuditor 5.3.2 - Buffer Overflow
SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system.
by ZwX
CVSS 8.4
Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC)
by ZwX
iNetTools for iOS 8.20 - DoS
iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash.
by Ivan Marmolejo
CVSS 7.5
InduSoft Web Studio 8.1 SP1 - _Atributos_ Denial of Service (PoC)
by chuyreds
Easy-Hide-IP 5.0.0.3 - Code Injection
Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executables and escalate privileges.
by Rene Cortes S
CVSS 7.8
SMPlayer 19.5.0 - Buffer Overflow
SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.
by Malav Vyas
CVSS 5.5
Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path
by Luis Martínez
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation
by Abdelhamid Naceri
By Source