Exploitdb Exploits
49,996 exploits tracked across all sources.
Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)
by Nawaf Alkeraithe
Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC)
by Luis Martínez
Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC)
by Luis Martínez
D-Link DIR-615 Firmware - Memory Corruption
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
by Aniket Dinda
CVSS 9.8
Acunetix WVS Reporter 10.0 - Denial of Service (PoC)
by Ali Alipour
DamiCMS - CSRF
An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can be used to change the administrator account's password via /admin.php?s=/Admin/doedit.
by Autism_JH
CVSS 8.8
Network Manager VPNC Username Privilege Escalation
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.
by Metasploit
CVSS 7.8
NetworkActiv Web Server 4.0 Username Field Buffer Overflow DoS
NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface.
by Victor Mondragón
CVSS 6.2
WordPress Quizlord <2.0 - XSS
The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.
by Renos Nikolaou
CVSS 5.4
Jibu Pro <1.7 - XSS
The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.
by Renos Nikolaou
CVSS 5.4
Cybrotech CyBroHttpServer - Path Traversal
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.
by Emre ÖVÜNÇ
CVSS 5.3
Cybrotech CyBroHttpServer - XSS
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.
by Emre ÖVÜNÇ
CVSS 6.1
D-Link DIR-601 2.02NA - Info Disclosure
An issue was discovered on D-Link DIR-601 2.02NA devices. An attacker who is local to the network and has access only to a "User" account (a low-privilege account) can intercept the response to a POST request and obtain "Admin" rights, because the admin password is displayed in the XML.
by Kevin Randall
CVSS 8.0
Drive Power Manager 1.10 Denial of Service via Name Field
Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a 6000-byte payload into the Name field and click Register to trigger a denial of service condition.
by Gionathan Reale
CVSS 5.5
Easy PhotoResQ 1.0 Buffer Overflow Denial of Service
Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can input a 6000-byte payload through the File Options dialog to trigger a denial of service condition.
by Gionathan Reale
CVSS 6.2
Fathom 2.4 Denial of Service via Authorization Code Buffer Overflow
Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of service condition.
by Gionathan Reale
CVSS 5.5
HD Tune Pro 5.70 Denial of Service via Options Dialog
HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Attackers can trigger a denial of service by entering a 6000-byte payload through the File > Options > Save dialog's folder/file name input field.
by Gionathan Reale
CVSS 6.2
SIPP 3.3 Stack-Based Buffer Overflow via Configuration File
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets.
by Juan Sacco
CVSS 8.4
Trillian 6.1 Build 16 - 'Sign In' Denial of service (PoC)
by Jose Miguel Gonzalez
Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC)
by Samuel Cruz
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
by hyp3rlinx
CVSS 7.5