Exploitdb Exploits
50,076 exploits tracked across all sources.
Advantech SUISAccess Server <3.0 - Path Traversal
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
by James Fitts
CVSS 7.0
SOL.Connect ISET-mpp meter <1.2.4.2 - SQL Injection
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.
by Andy Tan
CVSS 9.8
Sound eXchange 14.4.2 - Denial of Service via Crafted HCOM File
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
by qflb.wu
CVSS 5.5
libvorbis 1.3.5 - Denial of Service via Crafted WAV File
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
by qflb.wu
CVSS 5.5
Sound eXchange 14.4.2 - Denial of Service via Crafted WAV File
The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.
by qflb.wu
CVSS 5.5
libmp3splt 0.9.2 - Denial of Service via Crafted OGG File
plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
by qflb.wu
CVSS 5.0
vorbis-tools 1.4.0 - Denial of Service via Crafted WAV File
The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.
by qflb.wu
CVSS 5.5
Sound eXchange 14.4.2 - Denial of Service via Crafted SND File Conversion
The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.
by qflb.wu
CVSS 5.5
Xiph.Org libao 1.2.0 - Memory Corruption
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.
by qflb.wu
CVSS 5.5
DivFix++ - Out-of-bounds Write in AVI Header Fix Function
The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in DivFix++ v0.34 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted avi file.
by qflb.wu
CVSS 5.5
DiskBoss Enterprise <8.2.14 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.
by Ahmad Mahfouz
McAfee Live Safe <16.0.3, MSS+ <3.11.599.3 - Code Injection
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response.
by SecuriTeam
CVSS 9.8
Jenkins XStream Groovy classpath Deserialization Vulnerability
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
by Janusz Piechówka
CVSS 8.8
SoundTouch 1.9.2 - Denial of Service via Crafted WAV File
The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.
by qflb.wu
CVSS 5.5
SoundTouch 1.9.2 - Denial of Service via Crafted WAV File
The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.
by qflb.wu
CVSS 5.5
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting via FortiToken Activation Action Input
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
by patryk_bogdan
CVSS 6.1
FortiOS 5.4.0-5.4.4 and 5.6.0 - Cross-Site Scripting via FortiView Applications Filter Input
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
by patryk_bogdan
CVSS 5.4
SoundTouch 1.9.2 - Denial of Service via Crafted WAV File
The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.
by qflb.wu
CVSS 5.5
libjpeg-turbo 1.5.1 - Denial of Service via Crafted JPG File
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API
by qflb.wu
CVSS 8.8
LAME 3.99.5 - Denial of Service via Crafted WAV File
The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.
by qflb.wu
CVSS 5.5
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting via SSL-VPN Replacement Message
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
by patryk_bogdan
CVSS 6.1
Joomla! Component CCNewsLetter 2.1.9 - 'sbid' SQL Injection
by Shahab Shamsi
GNU libiberty - Remote Code Execution via Integer Overflow in cplus-dem.c
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
by Marcel Böhme
CVSS 7.8
Windows Shell - Remote Code Execution via Crafted .LNK File
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."
by Yorick Koster
CVSS 8.8
By Source