Exploitdb Exploits
50,076 exploits tracked across all sources.
Cerberus FTP Server 8.0.10.1 - Denial of Service via Long Host Header
In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.
by Peter Baris
CVSS 7.5
Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder
by Google Security Research
NETGEAR D6220/D6400/R6250/R6400/R6700/R6900/R7000/R7100LG/R7300DST/R7900/R8000 Firmware - Remote Code Execution
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
by Metasploit
CVSS 8.8
Ether Software Easy MOV Converter 1.4.24 - Buffer Overflow via Long Username
Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username.
by Muhann4d
CVSS 7.8
iPhone OS < 9.3.5 - Remote Code Execution via WebKit Memory Corruption
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
by qwertyoruiop
CVSS 8.8
Fortinet FortiClient 5.2.3 (Windows 10 x86) - Local Privilege Escalation
by sickness
MobaXterm Personal Edition 9.4 - Path Traversal
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
by hyp3rlinx
CVSS 5.3
Yellow Pages Script 3.2 - 'category_id' SQL Injection
by Ihsan Sencan
Fiyo CMS 2.0.6.1 - Privilege Escalation
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
by rungga_reksya
CVSS 8.8
dnaTools dnaLIMS 4-2015s13 - Insufficiently Protected Credentials in Password Storage
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
by Shorebreak Security
CVSS 8.1
dnaTools dnaLIMS 4-2015s13 - Unauthenticated Path Traversal via viewAppletFsa.cgi seqID Parameter
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
by Shorebreak Security
CVSS 7.5
dnaTools dnaLIMS 4-2015s13 - Unauthenticated Remote Code Execution via sysAdmin.cgi
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
by Shorebreak Security
CVSS 9.8
WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery
by KoreLogic