Exploitdb Exploits
50,095 exploits tracked across all sources.
Nord VPN 6.14.31 Denial of Service via Password Field
Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application crash when attempting to authenticate.
by L0RD
CVSS 7.5
NetworkActiv Web Server 4.0 Username Field Buffer Overflow DoS
NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface.
by Victor Mondragón
CVSS 6.2
Quizlord < 2.0 - Stored Cross-Site Scripting via Title Parameter in ql_insert Action
The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.
by Renos Nikolaou
CVSS 5.4
Jibu Pro < 1.7 - Stored Cross-Site Scripting via Quiz Name Field
The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.
by Renos Nikolaou
CVSS 5.4
CyBroHttpServer 1.0.3 - Path Traversal via URI
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.
by Emre ÖVÜNÇ
CVSS 5.3
CyBroHttpServer 1.0.3 - Cross-Site Scripting via URI
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.
by Emre ÖVÜNÇ
CVSS 6.1
D-Link DIR-601 2.02NA - Info Disclosure
An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML.
by Kevin Randall
CVSS 8.0
NASA openVSP 3.16.1 Denial of Service via Buffer Overflow
NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can trigger a denial of service by pasting a 5000-byte payload into the name input field within the Geom browser pod addition interface.
by L0RD
CVSS 6.2
Drive Power Manager 1.10 Denial of Service via Name Field
Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a 6000-byte payload into the Name field and click Register to trigger a denial of service condition.
by Gionathan Reale
CVSS 5.5
Easy PhotoResQ 1.0 Buffer Overflow Denial of Service
Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can input a 6000-byte payload through the File Options dialog to trigger a denial of service condition.
by Gionathan Reale
CVSS 6.2
Fathom 2.4 Denial of Service via Authorization Code Buffer Overflow
Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of service condition.
by Gionathan Reale
CVSS 5.5
HD Tune Pro 5.70 Denial of Service via Options Dialog
HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Attackers can trigger a denial of service by entering a 6000-byte payload through the File > Options > Save dialog's folder/file name input field.
by Gionathan Reale
CVSS 6.2
SIPP 3.3 Stack-Based Buffer Overflow via Configuration File
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets.
by Juan Sacco
CVSS 8.4
Trillian 6.1 Build 16 - 'Sign In' Denial of service (PoC)
by Jose Miguel Gonzalez
Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC)
by Samuel Cruz
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
by hyp3rlinx
CVSS 7.5
ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)
by Diego Santamaria
Immunity Debugger 1.85 - Denial of Service (PoC)
by Gionathan Reale
phpMyAdmin 4.7.0-4.7.6 - Cross-Site Request Forgery
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
by VulnSpy
CVSS 8.8
Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)
by Luis Martínez
Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
by BrianWGray
By Source