Exploitdb Exploits
50,091 exploits tracked across all sources.
Ubuntu Linux - Exposure of Sensitive Information via SMT Port Contention Timing Attack
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
by Billy Brumley
CVSS 4.7
Arm Whois 3.11 Denial of Service via Buffer Overflow
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes into the IP address or domain input field to trigger a denial of service condition.
by Yair Rodríguez Aparicio
CVSS 6.2
WebDrive 18.00.5057 Denial of Service via Secure WebDAV
WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username parameter and trigger a connection test to cause the application to crash.
by Victor Mondragón
CVSS 6.2
Artha 1.0.3.0 - Buffer Overflow
Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow.
by Ihsan Sencan
CVSS 7.5
SmartFTP Client 9.0.2615.0 Denial of Service via Host Field
SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application crash.
by Victor Mondragón
CVSS 6.2
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
by Jakub Palaczynski
Microstrategy Web 7 - Cross-Site Scripting via ShowAll Parameter
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
by Rafael Pedrero
CVSS 6.1
Microstrategy Web 7 - Cross-Site Scripting via Login.asp Msg Parameter
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
by Rafael Pedrero
CVSS 6.1
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
by Charles Truscott
Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)
by d3ckx1
QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC)
by Yair Rodríguez Aparicio
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
by Ihsan Sencan
phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection
by Boumediene KADDOUR
CI User Login and Management 1.0 - Arbitrary File Upload
by Ihsan Sencan
By Source