Exploitdb Exploits
4,733 exploits tracked across all sources.
PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure
by Yakir Wizman
Cherry Music <0.36.0 - Path Traversal
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
by feedersec
CVSS 4.3
Oracle MySQL, MariaDB, Percona Server - Privilege Escalation via my.cnf
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
by Dawid Golunski
CVSS 9.8
Vodafone Mobile Wifi - Reset Admin Password
by Daniele Linguaglossa
LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure
by Yakir Wizman
Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure
by Yakir Wizman
Apple iCloud Desktop Client 5.2.1.0 - Local Credentials Disclosure
by Yakir Wizman
TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure
by Alexander Korznikov
Adobe ColdFusion <11-Update 10 - Info Disclosure
The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Dawid Golunski
CVSS 8.6
GNU C Library <2.23 - Buffer Overflow
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
by SpeeDr00t
CVSS 8.1
Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure
by Yakir Wizman
Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery)
by b1ack0wl
Goron WebServer 2.0 - Multiple Vulnerabilities
by Guillaume Kaddouch
Samsung Smart Home Camera SNH-P-6410 - Command Injection
by PentestPartners
FreePBX 13/14 - Remote Command Execution / Privilege Escalation
by pgt
vBulletin <4.2.2 PL6-5.2.2 PL1 - SSRF
The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code.
by Dawid Golunski
CVSS 8.6
zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow
zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.
by Juan Sacco
CVSS 8.4