Exploitdb Exploits
50,076 exploits tracked across all sources.
PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities
by Karn Ganeshen
netis RealTek Wireless Router / ADSL Modem - Multiple Vulnerabilities
by Karn Ganeshen
Boxoft WAV to MP3 Converter 1.1 - Local Buffer Overflow (SEH)
by ArminCyber
KCodes NetUSB - Stack-Based Buffer Overflow via Long Computer Name
Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005.
by blasty
ZyXEL PMG5318-B20A <1.00(AANC.2)C0 - RCE
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.
by Karn Ganeshen
CVSS 9.8
Zhone zNID GPON 2426A < S3.0.501 - Unauthenticated Password Disclosure via Session Key in URL
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf.
by Lyon Yang
CVSS 8.8
Zhone zNID 2426A < s3.0.501 - Authenticated Authorization Bypass via Insecure Direct Object Reference
The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.
by Lyon Yang
CVSS 8.8
libsndfile 1.0.25 - Buffer Overflow
Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.
by Marco Romano
Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
by Karn Ganeshen
F5 Enterprise Manager 3.0.0-3.1.1 - Authenticated Path Traversal
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
by Karn Ganeshen
Zhone zNID GPON 2426A <S3.0.501 - RCE
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.
by Lyon Yang
CVSS 8.8
Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' File Crush Application (Denial of Service)
by mohammed Mohammed
Joomla! Component com_realestatemanager 3.7 - SQL Injection
by Omer Ramić
Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution
by LiquidWorm
PHPMyLicense 3.0.0 < 3.1.4 - Denial of Service
by Aria Akhavan Rezayat
VeryPDF Image2PDF Converter - Local Buffer Overflow (SEH)
by Robbie Corley
Kallithea <0.3 - HTTP Response Splitting
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.
by LiquidWorm
Plone - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
by hyp3rlinx
CVSS 8.8
GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution
by Raffaele Forte