Exploitdb Exploits
31,332 exploits tracked across all sources.
Cisco ASA <9.7 - Heap Overflow
A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid TCP connection is needed to perform the attack. The attacker needs to have valid credentials to log in to the Clientless SSL VPN portal. Vulnerable Cisco ASA Software running on the following products may be affected by this vulnerability: Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ASA for Firepower 4100 Series. Cisco Bug IDs: CSCvc23838.
by Google Security Research
CVSS 8.8
Debian/Ubuntu ntfs-3g Local Privilege Escalation
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
by Google Security Research
CVSS 7.8
LG G4 - Touchscreen Driver write_log Kernel Read/Write
by Google Security Research
LG G4 - lghashstorageserver Directory Traversal
by Google Security Research
LG G4 - lgdrmserver Binder Service Multiple Race Conditions
by Google Security Research
Google Android - TOCTOU Race Condition
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690.
by Google Security Research
CVSS 7.8
Google Android - TOCTOU Race Condition
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926.
by Google Security Research
CVSS 7.8
Joomla! Component JE Ticket System 1.2 - SQL Injection
by Ihsan Sencan
Joomla! Component JE QuoteForm - 'Itemid' SQL Injection
by Ihsan Sencan
Joomla! Component JE Property Finder 1.6.3 - SQL Injection
by Ihsan Sencan
Joomla! Component JE Portfolio Creator 1.2 - 'd_itemid' SQL Injection
by Ihsan Sencan
Joomla! Component JE K2 Multiple Form Story 1.3 - 'Itemid' SQL Injection
by Ihsan Sencan
Joomla! Component JE Gallery 1.3 - 'photo_id' SQL Injection
by Ihsan Sencan
Joomla! Component JE Form Creator 1.8 - 'Itemid' SQL Injection
by Ihsan Sencan
Joomla! Component JE Directory 1.7 - 'ditemid' SQL Injection
by Ihsan Sencan
Joomla! Component JE Classify Ads 1.2 - 'pro_id' SQL Injection
by Ihsan Sencan
Joomla! Component JE Auto 1.5 - 'd_itemid' SQL Injection
by Ihsan Sencan
Joomla! Component JE auction 1.6 - 'eid' SQL Injection
by Ihsan Sencan
By Source