Exploitdb Exploits
49,996 exploits tracked across all sources.
Ghostscript - Multiple Vulnerabilities
by Google Security Research
Ghostscript - Multiple Vulnerabilities
by Google Security Research
Geutebrueck RE Porter 16 Firmware - Information Disclosure
Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003.
by Kamil Suska
CVSS 9.8
Geutebrueck RE Porter 16 Firmware < 7.8.974.20 - XSS
A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005.
by Kamil Suska
CVSS 6.1
Project64 2.3.2 Denial of Service via Plugin Directory
Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 6000-byte payload into the Plugin Directory field through the Options > Settings > Directories interface to trigger an application crash when settings are reopened.
by Gionathan Reale
CVSS 6.2
Ninja Forms <3.3.14.1 - Code Injection
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
by Mostafa Gharzi
CVSS 8.6
Openbsd Openssh < 7.7 - Race Condition
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by Justin Gardner
CVSS 5.3
Prime95 29.4b7 Denial of Service via Proxy Password Field
Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional proxy password field. Attackers can trigger a denial of service by entering a 6000-byte payload into the proxy password parameter, causing the application to crash when processing the connection settings.
by Gionathan Reale
CVSS 6.2
Bome Restorator 1793 Denial of Service via Buffer Overflow
Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an application crash and denial of service.
by Gionathan Reale
CVSS 6.2
Zortam MP3 Media Studio 23.95 - Denial of Service (PoC)
by Gionathan Reale
Schneider Electric Modbus Serial Driver <3.2 - RCE
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
by Alejandro Parodi
Schneider Electric Modbus Serial Driver <3.2 - RCE
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
by Alejandro Parodi
Tagregator - XSS
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.
by ManhNho
CVSS 4.8
WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection
by Çlirim Emini
Moderator Log Notes - CSRF
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.
by 0xB9
CVSS 6.5
Hazzardweb Easylogin Pro < 1.3.0 - Insecure Deserialization
An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.
by mr_me
CVSS 8.1
Schneider Electric IGSS <10 - Buffer Overflow
Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.
by Alejandro Parodi
CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.
by Gionathan Reale
CVSS 7.5
Microsoft Edge - Memory Corruption
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301.
by Google Security Research
CVSS 7.5
ChakraCore - Memory Corruption
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
by Google Security Research
CVSS 7.5
By Source