Exploitdb Exploits
4,759 exploits tracked across all sources.
Tizen Studio 1.3 Smart Development Bridge < 2.3.2 - Buffer Overflow (PoC)
by Marcin Kopec
PHPMailer < 5.2.22 - Unauthenticated Sensitive Information Exposure via msgHTML Image Attachment Handling
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.
by Maciek Krupa
CVSS 5.5
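The transformation described above can be modelled in a few lines. The following is an added Python example written for this page, not PHPMailer's own code: a simplified version of the relative-image-to-attachment step, first with the empty base directory falling back to `/` as described, then a hardened variant that only attaches files when a base directory was supplied and the resolved path stays inside it. The HTML body, the regex, the `attachments_*` function names and the `/srv/mail-images` directory are all assumptions made for the example.

```python
import os
import re
from urllib.parse import urlparse

# Constructed sample body for the example: one absolute (remote) image that
# must be left alone and one relative reference supplied by the user.
USER_HTML = (
    "<p>Invoice attached.</p>"
    '<img src="https://cdn.example.com/logo.png">'
    '<img src="etc/passwd">'
)

# Minimal img/src extractor; enough for the constructed input above.
IMG_SRC = re.compile(r"""<img\b[^>]*\bsrc=["']([^"']+)["']""", re.IGNORECASE)


def _relative_sources(html):
    """Yield img src values that carry no scheme (http:, https:, data:, cid: ...)."""
    for src in IMG_SRC.findall(html):
        if not urlparse(src).scheme:
            yield src


def attachments_vulnerable(html, basedir=""):
    """Model of the behaviour described above: an empty base directory falls
    back to the filesystem root, so 'etc/passwd' becomes '/etc/passwd' and
    would be read from disk and attached to the outgoing mail."""
    if basedir == "":
        basedir = "/"
    return [os.path.normpath(os.path.join(basedir, src))
            for src in _relative_sources(html)]


def attachments_hardened(html, basedir=""):
    """Hardened variant (this example's own rule, not PHPMailer's patch):
    attach nothing unless the caller supplied a base directory, and then only
    files whose resolved path stays inside it, which also blocks '../' escapes."""
    if not basedir:
        return []
    root = os.path.realpath(basedir)
    safe = []
    for src in _relative_sources(html):
        candidate = os.path.realpath(os.path.join(root, src))
        if os.path.commonpath([root, candidate]) != root:
            continue  # resolved outside the base directory: drop it
        safe.append(candidate)
    return safe


if __name__ == "__main__":
    print("vulnerable, no basedir:", attachments_vulnerable(USER_HTML))
    print("hardened, no basedir:  ", attachments_hardened(USER_HTML))
    print("hardened, with basedir:", attachments_hardened(USER_HTML, "/srv/mail-images"))
```

The hardened version does not attempt to decide whether a given local file is "safe" to attach; it simply refuses to touch the filesystem at all without an explicit base directory, which removes the remote condition described in the advisory (unfiltered HTML plus no base directory).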
Kaltura Server < mercury-13.1.0 - Remote Code Execution via Hardcoded Cookie Secret
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
by Robin Verton
CVSS 9.8
nftp <= 2.0 - Remote Code Execution via Buffer Overflow
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
by Berk Cem Göksel
CVSS 9.8
ArGoSoft Mini Mail Server <= 1.0.0.2 - Denial of Service via Infinite Loop
Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to exhaust CPU and memory resources via unspecified vectors, possibly by triggering an infinite loop.
by Berk Cem Göksel
CVSS 5.3
Sync Breeze Enterprise 10.1.16 - 'POST' Remote Buffer Overflow
by mschenk
Check_MK < 1.2.8p26 - Information Disclosure via GUI Crash Report
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
by Julien Ahrens
CVSS 5.9
OpenText Documentum Content Server <= 7.3 - Authenticated Path Traversal via TAR Archive Symlinks
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.
by Andrey B. Panfilov
CVSS 8.8
OpenText Documentum Content Server <= 7.3 - Authenticated Arbitrary File Read via PUT_FILE RPC Command
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.
by Andrey B. Panfilov
CVSS 8.8
OpenText Documentum Content Server <= 7.3 - Authenticated Arbitrary File Download via DATA_TICKET Manipulation
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions. When an authenticated user uploads content to the repository, the client performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the Content Server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository whose data_ticket value equals the DATA_TICKET returned by the END_PUSH_V2 call. As a result of this design, any authenticated user may create a dmr_content object of their own that points to already existing content on the Content Server filesystem, and download that content regardless of the permissions on the original object.
by Andrey B. Panfilov
CVSS 4.3
OpenText Documentum Content Server <= 7.3 - Authenticated Privilege Escalation via dmr_content Object Manipulation
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.
by Andrey B. Panfilov
CVSS 8.8
TP-Link WR940N Hardware v4 - Authenticated Remote Code Execution via PingIframeRpm.htm or WanStaticIpV6CfgRpm.htm
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.
by Fidus InfoSecurity
CVSS 8.8
ASX to MP3 Converter 3.1.3.7.2010.11.05 - Buffer Overflow via Crafted M3U File
ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324.
by Parichay Rai
CVSS 7.8
Flexense VX Search Enterprise 10.1.12 - Remote Code Execution via Buffer Overflow in Long URI
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code.
by Revnic Vasile
CVSS 9.8
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
by intx0x80
CVSS 8.1
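The precondition in the description is a configuration setting, so the practical check is to audit the Default servlet's `readonly` init-param. The following is an added Python example written for this page, not Tomcat's code: it parses a `conf/web.xml` fragment, reports whether the DefaultServlet accepts PUT/DELETE, and rewrites the weak setting. Both `web.xml` fragments are constructed for the example (Tomcat's shipped file is longer), and the function names are this example's own; what is not an assumption is that Tomcat's default for `readonly` is `true`, so only an explicit `false` enables uploads.

```python
import xml.etree.ElementTree as ET

DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"

# Constructed conf/web.xml fragment for this example: readonly=false lets any
# client PUT and DELETE files under the webapp, the precondition described above.
WEAK_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""

# Corrected fragment: the parameter is absent, and Tomcat's default for readonly is true.
CORRECTED_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""


def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _default_servlet(root):
    """Return the <servlet> element whose class is Tomcat's DefaultServlet, or None."""
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        for child in servlet:
            if _local(child.tag) == "servlet-class" and (child.text or "").strip() == DEFAULT_SERVLET_CLASS:
                return servlet
    return None


def _init_params(servlet):
    """Map init-param names to their <param-value> elements."""
    params = {}
    for ip in servlet:
        if _local(ip.tag) != "init-param":
            continue
        fields = {_local(c.tag): c for c in ip}
        name, value = fields.get("param-name"), fields.get("param-value")
        if name is not None and value is not None:
            params[(name.text or "").strip()] = value
    return params


def default_servlet_readonly(web_xml_text):
    """True when the DefaultServlet refuses HTTP PUT/DELETE. Only an explicit
    readonly=false turns writes on; a missing parameter means Tomcat's default."""
    servlet = _default_servlet(ET.fromstring(web_xml_text))
    if servlet is None:
        return True  # this file declares no DefaultServlet, so it cannot turn writes on
    value = _init_params(servlet).get("readonly")
    return value is None or (value.text or "").strip().lower() != "false"


def force_readonly(web_xml_text):
    """Return the same web.xml with readonly flipped to true; a mitigation to apply
    alongside upgrading to a Tomcat release outside the affected ranges."""
    root = ET.fromstring(web_xml_text)
    if root.tag.startswith("{"):  # keep the default namespace unprefixed on output
        ET.register_namespace("", root.tag[1:].split("}", 1)[0])
    servlet = _default_servlet(root)
    if servlet is not None:
        value = _init_params(servlet).get("readonly")
        if value is not None:
            value.text = "true"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("weak config read-only?     ", default_servlet_readonly(WEAK_WEB_XML))
    print("corrected config read-only?", default_servlet_readonly(CORRECTED_WEB_XML))
    print("after force_readonly:      ", default_servlet_readonly(force_readonly(WEAK_WEB_XML)))
```

Run it against `$CATALINA_BASE/conf/web.xml` and against each webapp's `WEB-INF/web.xml`, since a webapp may redeclare the Default servlet with its own init-params. Setting `readonly` back to `true` removes the precondition but is not a substitute for upgrading: on the listed versions the upload succeeded through a crafted request even though a plain PUT of a `.jsp` is meant to be refused.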
EmTec PyroBatchFTP < 3.18 - Denial of Service via Buffer Overflow
EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash).
by Kevin McGuigan
CVSS 7.5
Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Local Buffer Overflow (SEH)
by Venkat Rajgor
dnsmasq < 2.78 - Remote Code Execution via Stack Buffer Overflow in DHCPv6 Handling
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
by Google Security Research
CVSS 9.8
dnsmasq < 2.78 - Denial of Service via Memory Leak in DNS Response Creation
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
by Google Security Research
CVSS 7.5
dnsmasq < 2.78 - Denial of Service via Integer Underflow in add_pseudoheader
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
by Google Security Research
CVSS 7.5
dnsmasq < 2.78 - Information Disclosure via DHCPv6 Relay Handling
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
by Google Security Research
CVSS 5.9
dnsmasq < 2.78 - Remote Code Execution via Heap Buffer Overflow in IPv6 Router Advertisement Handling
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
by Google Security Research
CVSS 9.8