Exploitdb Exploits
50,076 exploits tracked across all sources.
Wireshark 2.x < 2.0.5 - Denial of Service via CORBA IDL Dissector
The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
by Igor
CVSS 5.9
Wireshark 2.x < 2.0.5 - Denial of Service via Crafted Packet in MMSE/WAP/WBXML/WSP Dissectors
epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.
by Antti Levomäki
CVSS 5.9
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - WSP Dissector Denial of Service
by Chris Benedict
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - RLC Dissector Denial of Service
by Antti Levomäki
Wireshark 1.12.x < 1.12.13 and 2.x < 2.0.5 - Denial of Service via PacketBB Dissector
epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
by Chris Benedict
CVSS 5.9
Wireshark 1.12.x < 1.12.13 - Denial of Service via NCP2222 Dissector NULL Pointer Dereference
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
by Chris Benedict
CVSS 5.9
Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)
by Vinesh Redkar
Halliburton LogView Pro 9.7.5 - '.cgm' / '.tif' / '.tiff' / '.tifh' Crash (PoC)
by Karn Ganeshen
WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting
by Dennis Kerdijk & Erwin Kievith
WordPress Plugin Booking Calendar 6.2 - SQL Injection
by Edwin Molenaar
WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery (Add/Import Arbitrary Subscribers)
by Yorick Koster
Easy File Sharing Web Server 7.2 - Remote Overflow (Egghunter) (SEH)
by ch3rn0byl
VUPlayer 2.49 - '.pls' File Stack Buffer Overflow (DEP Bypass)
by vportal
WordPress Plugin Ultimate Product Catalog 3.9.8 - do_shortcode via ajax Blind SQL Injection
by i0akiN SEC-LABORATORY
phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - RCE
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
by @iamsecurity
CVSS 9.8
WebKit - TypedArray.fill Memory Corruption
by Google Security Research
WebKit - TypedArray.copyWithin Memory Corruption
by Google Security Research
Trend Micro Deep Discovery Inspector <3.8 - RCE
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
by korpritzombie
CVSS 7.2
AXIS network cameras - Command Injection
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
by Orwelllabs
CVSS 8.8
Barracuda Web Application Firewall 8.0.1.008 - (Authenticated) Remote Command Execution (Metasploit)
by xort
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit) (3)
by xort
AppArmor securityfs < 4.8 - 'aa_fs_seq_hash_show' Reference Count Leak
by Google Security Research