Exploitdb Exploits
50,095 exploits tracked across all sources.
Ninja Forms <3.3.14.1 - Code Injection
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
by Mostafa Gharzi
CVSS 8.6
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by Justin Gardner
CVSS 5.3
Prime95 29.4b7 Denial of Service via Proxy Password Field
Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional proxy password field. Attackers can trigger a denial of service by entering a 6000-byte payload into the proxy password parameter, causing the application to crash when processing the connection settings.
by Gionathan Reale
CVSS 6.2
Bome Restorator 1793 Denial of Service via Buffer Overflow
Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an application crash and denial of service.
by Gionathan Reale
CVSS 6.2
Zortam MP3 Media Studio 23.95 - Denial of Service (PoC)
by Gionathan Reale
Schneider Electric Modbus Serial Driver <3.2 - RCE
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
by Alejandro Parodi
Schneider Electric Modbus Serial Driver <3.2 - RCE
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
by Alejandro Parodi
Tagregator 0.6 - Stored Cross-Site Scripting via Title Field
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.
by ManhNho
CVSS 4.8
WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection
by Çlirim Emini
Moderator Log Notes 1.1 - Cross-Site Request Forgery
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.
by 0xB9
CVSS 6.5
EasyLogin Pro < 1.3.0 - Remote Code Execution via Encryptor.php Unserialize
An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.
by mr_me
CVSS 8.1
Schneider Electric IGSS <10 - Buffer Overflow
Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.
by Alejandro Parodi
CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition.
by Gionathan Reale
CVSS 7.5
Microsoft Edge and ChakraCore - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301.
by Google Security Research
CVSS 7.5
ChakraCore < 1.10.1 - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
by Google Security Research
CVSS 7.5
Microsoft Browsers - Memory Corruption
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
by Google Security Research
CVSS 7.5
Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion
by Google Security Research
Microsoft Browsers - Memory Corruption
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298.
by Google Security Research
CVSS 7.5
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
by Maxim Yefimenko
ASUSTOR ADM < 3.1.2.rhg1 - Unauthenticated Remote Code Execution via script Parameter
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.
by Matthew Fulton
CVSS 9.8
P10 Central Management Software 1.4.13 Denial of Service
P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 2000-byte payload into the password field and click login to trigger an application crash and denial of service.
by Gionathan Reale
CVSS 5.5
ObserverIP Scan Tool 1.4.0.1 Denial of Service via IP Field
ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operation to cause an application crash.
by Gionathan Reale
CVSS 6.2
Export Users to CSV < 1.1.1 - CSV Injection
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.
by Javier Olmedo
CVSS 8.6
By Source