Exploitdb Exploits
50,095 exploits tracked across all sources.
ProFTPD < 1.3.3d - Denial of Service via Malformed SSH Message
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
by kingcope
Multiple Check Point Endpoint Security Products - Information Disclosure
by Rapid7
SMC SMCD3G-CCR Firmware < 1.4.0.49 - Cross-Site Request Forgery via Web Interface
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.
by Trustwave's SpiderLabs
SMC SMCD3G-CCR < 1.4.0.49 - Unauthenticated Administrative Access via Default Credentials
A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.
by Trustwave's SpiderLabs
Hanso Player 1.4.0.0 - 'Skinfile' Buffer Overflow (Denial of Service)
by badc0re
Hanso Converter 1.1.0 - BufferOverflow Denial of Service
by badc0re
Dew-NewPHPLinks 2.1b - 'index.php' SQL Injection
by AtT4CKxT3rR0r1ST
SMC SMCD3G-CCR - Session Hijacking via Predictable Session ID
The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie.
by Trustwave's SpiderLabs
Qcodo Development Framework 0.3.3 - Full Information Disclosure
by Daniel Godoy
Escort und Begleitservice Agentur Script - SQL Injection
by NoNameMT
reos 2.0.5 - Multiple Vulnerabilities
by High-Tech Bridge SA
Podcast Generator 1.3 - Multiple Vulnerabilities
by High-Tech Bridge SA
SMC Networks SMCD3G Session Management - Authentication Bypass
by Zack Fasel & Matthew Jakubowski
AOL Desktop < 9.6 - Stack-based Buffer Overflow via RTX Hyperlink Tag
AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\rich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker can trigger a stack-based buffer overflow due to the use of unsafe strcpy operations. This allows remote attackers to execute arbitrary code when a victim opens a malicious .rtx file. AOL Desktop is end-of-life and no longer supported. Users are encouraged to migrate to AOL Desktop Gold or alternative platforms.
by sickness
QuickShare File Server 1.2.1 - Path Traversal
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.
by modpr0be
Majordomo <20110131 - Path Traversal
Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.
by Michael Brooks
FTPGetter 3.58.0.21 - 'PASV' Remote Buffer Overflow
by modpr0be
Octeth Oempro 3.6.4 - SQL Injection / Information Disclosure
by Ignacio Garrido
By Source