Exploitdb Exploits
50,095 exploits tracked across all sources.
Beckhoff TwinCAT <2.11.0.2004 - DoS
Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.
by Luigi Auriemma
WordPress Plugin E-Commerce 3.8.6 - SQL Injection
by Miroslav Stampar
WordPress Plugin Auctions 1.8.8 - 'wpa_id' SQL Injection
by sherl0ck_
Microsoft SharePoint 2007/2010 - 'Source' Multiple Open Redirections
by Irene Abezgauz
Carel PlantVisor <2.4.4 - Path Traversal
Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
by Luigi Auriemma
TurboPower Abbrevia < 3.05 - Buffer Overflow via Crafted ZIP File
Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP file.
by Metasploit
Windows Server 2003 SP2 and Server 2008 - Remote Code Execution via Crafted Packets
WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
by Luigi Auriemma
Microsoft WINS - Privilege Escalation
WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
by Core Security
ForumPress < 1.7.4 - SQL Injection via groupid Parameter
SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action.
by Miroslav Stampar
Scadatec Procyon SCADA < 1.14 - Remote Code Execution via Long Telnet Password
Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) port, which triggers an out-of-bounds read or write, leading to a stack-based buffer overflow.
by Metasploit
KnFTP 1.0.0 - Remote Code Execution via Multiple Stack-Based Buffer Overflows
Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, (20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands.
by blake
Wav Player 1.1.3.6 - '.pll' Local Buffer Overflow
by Iván García Ferreira
TurboPower Abbrevia < 3.05 - Buffer Overflow via Crafted ZIP File
Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP file.
by mr_me
TomatoCart 1.1 - (Authenticated) Local File Inclusion
by brain[pillow]
Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities
by Stefan Schurtz
Orion Network Performance Monitor 10.1.3 - 'CustomChart.aspx' Cross-Site Scripting
by Gustavo Roberto
WordPress Plugin Tune Library 2.17 - SQL Injection
by Miroslav Stampar
Bisonware FTP Server < 4.1 - Buffer Overflow via Long USER LIST or CWD Commands
Buffer overflows in Bisonware FTP server prior to 4.1 allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via long (1) USER, (2) LIST, or (3) CWD commands.
by SecPod Research
MelOn Player 1.0.11.x - Denial of Service (PoC)
by modpr0be
By Source