Exploitdb Exploits

2,012 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-2442 EXPLOITDB MEDIUM html VERIFIED
Apple Safari < 10.0.3 - Improper Input Validation
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
by Google Security Research
CVSS 6.5
CVE-2017-2454 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.0.3 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2459 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.0.3 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2476 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.1 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2471 EXPLOITDB HIGH html VERIFIED
Apple Safari - Use After Free
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2455 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.0.3 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2460 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.0.3 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2466 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.0.3 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2447 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.0.3 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site.
by Google Security Research
CVSS 8.1
CVE-2017-2446 EXPLOITDB HIGH html VERIFIED
Apple <10.3 - RCE
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions.
by Google Security Research
CVSS 8.8
CVE-2017-2446 EXPLOITDB HIGH html VERIFIED
Apple <10.3 - RCE
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions.
by Google Security Research
CVSS 8.8
CVE-2017-0059 EXPLOITDB MEDIUM html VERIFIED
Microsoft Internet Explorer - Information Disclosure
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.
by Google Security Research
CVSS 4.3
CVE-2017-5404 EXPLOITDB CRITICAL html VERIFIED
Debian Linux < 45.8.0 - Use After Free
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
by Google Security Research
CVSS 9.8
CVE-2017-0070 EXPLOITDB HIGH html VERIFIED
Microsoft Edge - Use After Free
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.
by Google Security Research
CVSS 7.5
CVE-2016-4657 EXPLOITDB HIGH html
Apple Iphone OS < 9.3.5 - Out-of-Bounds Write
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
by qwertyoruiop
CVSS 8.8
EIP-2026-119687 EXPLOITDB html
WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery
by KoreLogic
CVE-2017-6803 EXPLOITDB HIGH html VERIFIED
SolarWinds FTP Voyager 16.2.0 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml.
by hyp3rlinx
CVSS 8.8
EIP-2026-104353 EXPLOITDB html
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
by SEC Consult
EIP-2026-104352 EXPLOITDB html
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
by SEC Consult
EIP-2026-104351 EXPLOITDB html
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
by SEC Consult
CVE-2017-7178 EXPLOITDB HIGH html
Deluge <1.3.14 - CSRF
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
by Kyle Neideck
CVSS 8.8
CVE-2017-20065 EXPLOITDB MEDIUM html
Supsystic Popup Plugin <1.7.6 - CSRF
A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
by Radjnies Bhansingh
CVSS 4.3
EIP-2026-113790 EXPLOITDB html
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
by Yorick Koster
EIP-2026-113745 EXPLOITDB html
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery
by David Vaartjes
EIP-2026-113649 EXPLOITDB html
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting
by Edwin Molenaar
By Source
All 2,012 Exploitdb 50,123 Writeup 46,591 Nomisec 21,116 Metasploit 3,189 Github 2,221 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,726 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 256 c++ 245 shell 67 go 41 postscript 25 xml 24