Exploitdb Exploits
31,329 exploits tracked across all sources.
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Apple <10.3.2, <10.12.5, <10.2.1, <3.2.2 - RCE
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Zimperium zLabs Team
CVSS 7.0
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection
by Ihsan Sencan
Joomla! Component Photo Contest 1.0.2 - SQL Injection
by Ihsan Sencan
Joomla! Component Price Alert 3.0.2 - 'product_id' SQL Injection
by Ihsan Sencan
Joomla! Component Bargain Product VM3 1.0 - 'product_id' SQL Injection
by Ihsan Sencan
Libgig - Out-of-Bounds Write
The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
Libgig - NULL Pointer Dereference
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
Libgig - Out-of-Bounds Read
The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
Linuxsampler Libgig - NULL Pointer Dereference
The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
Libgig - Out-of-Bounds Read
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
ALC WebCTRL <6.5 - Code Injection
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.
by LiquidWorm
CVSS 7.0
ALC WebCTRL <6.5 - Path Traversal
A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software.
by LiquidWorm
CVSS 6.3
Apache2Triad - CSRF
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.
by hyp3rlinx
CVSS 8.8
Apache2Triad 1.5.4 - Info Disclosure
Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
by hyp3rlinx
CVSS 9.8