Exploitdb Exploits
50,076 exploits tracked across all sources.
HNB Organizer 1.9.18-10 Local Buffer Overflow via -rc Parameter
HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Attackers can craft a malicious input string exceeding 108 bytes containing shellcode and a return address to overwrite the stack and achieve code execution.
by Juan Sacco
CVSS 8.4
PInfo 0.6.9-5.1 Local Buffer Overflow via -m Parameter
PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.
by Juan Sacco
CVSS 8.4
Panda Security Products <16.1.2 - Code Injection
PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).
by Security-Assessment.com
VUPlayer 2.49 (Windows 7) - '.m3u' Local Buffer Overflow (DEP Bypass)
by secfigo
Mediacoder 0.8.43.5830 - '.m3u' Local Buffer Overflow (SEH)
by Sibusiso Sishi
Riverbed SteelCentral NetProfiler & NetExpress 10.8.7 - Multiple Vulnerabilities
by Security-Assessment.com
iBilling 3.7.0 - Persistent Cross-Site Scripting / Reflected Cross-Site Scripting
by Bikramaditya Guha
CodoForum 3.4 - Persistent Cross-Site Scripting
by Ahmed Sherif
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
by LiquidWorm
Magnet Networks Tesley CPVA 642 Router - Weak WPA-PSK Passphrase Algorithm
by Matt O'Connor
XuezhuLi FileSharing - Cross-Site Request Forgery (Add User)
by HaHwul
Alibaba Clone B2B Script - Arbitrary File Disclosure
by Meisam Monsef
Wolf CMS < 0.8.3.1 - Authenticated Arbitrary File Upload and PHP Code Execution via File Manager
Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.
by s0nk3y
CVSS 8.8
PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit)
by quanyechavshuo
Microsoft JScript/VBScript <5.8 - RCE
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.
by Brian Pak
CVSS 7.5
Wolf CMS < 0.8.3.1 - Authenticated Arbitrary File Upload and PHP Code Execution via File Manager
Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality.
by s0nk3y
CVSS 8.8
Windows 10 - Local Privilege Escalation via Kernel-Mode Driver
The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 7.8
By Source