Exploitdb Exploits
50,095 exploits tracked across all sources.
Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket
by Google Security Research
Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler
by Google Security Research
iCash 7.6.5 Denial of Service via Connect to Server
iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a 7000-byte string into the Host field and click Connect to trigger an application crash.
by Gionathan Reale
CVSS 5.5
Infiltrator Network Security Scanner 4.6 Denial of Service
Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a 6000-byte payload into the Scan Target field and trigger a denial of service condition when the Scan button is clicked.
by Gionathan Reale
CVSS 5.5
jiNa OCR Image to Text 1.0 Denial of Service via PNG
jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert the file to PDF.
by Gionathan Reale
CVSS 6.2
PicaJet FX 2.6.5 Denial of Service via Registration Fields
PicaJet FX 2.6.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields via the Help menu's Register PicaJet dialog to trigger an application crash.
by Gionathan Reale
CVSS 6.2
PixGPS 1.1.8 Buffer Overflow Denial of Service
PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denial of service condition.
by Gionathan Reale
CVSS 6.2
RoboImport 1.2.0.72 Denial of Service via Registration Fields
RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields and click Register to trigger an application crash.
by Gionathan Reale
CVSS 5.5
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
by SadFud
CVSS 6.5
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
by SadFud
CVSS 5.3
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
by SadFud
CVSS 5.3
CIRCONTROL OCPP <1.5.0 - Info Disclosure
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.
by SadFud
CVSS 9.8
CIRCONTROL CirCarLife <4.3 - Info Disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
by SadFud
CVSS 5.3
Synametrics SynaMan 4.0 build 1488 - Insufficiently Protected SMTP Credentials
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
by bzyo
CVSS 7.8
SynaMan 4.0 build 1488 - Stored Cross-Site Scripting via Partial Branding Configuration
Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.
by bzyo
CVSS 4.8
PDF Explorer 1.5.66.2 - Denial of Service (PoC)
by Gionathan Reale
MyBB 1.8.17 - Cross-Site Scripting in RSS Syndication Feed
An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.
by 0xB9
CVSS 6.1
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 - SQL Injection
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM X-Force ID: 148599.
by Mohamed Sayed
CVSS 7.5
iPhone OS < 11.4, macOS < 10.13.5, tvOS < 11.4, watchOS < 4.3.1 - Denial of Service via Crafted Message
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.
by Sriram
CVSS 6.5
Rubedo < 3.4.0 - Unauthenticated Path Traversal via Theme Component
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.
by Marouene Boubakri
CVSS 9.8
LG Smart Network Camera Firmware 1310250-1508190 - Unauthenticated Sensitive Information Exposure
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.
by Ege Balci
CVSS 7.5
CirCarLife Scada <4.3 - Info Disclosure
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
by SadFud
CVSS 9.8
InTouch Machine Edition 8.1 SP1 - 'Nombre del Tag' Buffer Overflow (SEH)
by Luis Martínez
Bayanno Hospital Management System 4.0 - Cross-Site Scripting
by Gokhan Sagoglu
By Source