Exploitdb Exploits
50,076 exploits tracked across all sources.
Easy File Sharing Web Server 7.2 - 'POST' Remote Buffer Overflow
by Touhid M.Shaikh
Disk Pulse 9.7.26 - 'Add Directory' Local Buffer Overflow
by abatchy17
GStreamer < 1.10.1 - Denial of Service via MPEG-TS PAT Parser
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
by Hanno Boeck
CVSS 5.5
Easy File Sharing Web Server 7.2 - Authentication Bypass
by Touhid M.Shaikh
Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow
by abatchy17
DiskBoss 8.0.16 - 'Input Directory' Local Buffer Overflow
by abatchy17
WP Jobs < 1.4 - Authenticated SQL Injection via jobid Parameter
SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.
by Dimitrios Tsagkarakis
CVSS 8.8
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
by abatchy17
VMware vSphere Data Protection 5.5.x-6.1.x - Remote Code Execution via Deserialization
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
by Kelly Correll
CVSS 9.8
Mapscrn 2.0.3 Stack-Based Buffer Overflow
Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service.
by Juan Sacco
CVSS 8.4
IPFire < 2.19 - Authenticated Remote Command Injection via OINKCODE Parameter
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.
by 0x09AL
CVSS 8.8
libquicktime 1.2.4 - Denial of Service via Crafted MP4 File
The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
libquicktime - Denial of Service via Crafted MP4 File
The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
libquicktime - Denial of Service via Heap-Based Buffer Over-Read in lqt_frame_duration
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
libquicktime 1.2.4 - Denial of Service via Crafted MP4 File
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
libquicktime 1.2.4 - Denial of Service via Crafted MP4 File
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
libquicktime 1.2.4 - Denial of Service via Crafted MP4 File
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
libcroco 0.6.12 - Denial of Service via Crafted CSS File
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
by qflb.wu
CVSS 6.5
EFS Software Easy Chat Server <3.1 - Info Disclosure
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
by Aitezaz Mohsin
CVSS 7.5
EFS Software Easy Chat Server <3.1 - Buffer Overflow
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
by Aitezaz Mohsin
CVSS 9.8
EFS Software Easy Chat Server <3.1 - RCE
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
by Aitezaz Mohsin
CVSS 7.5