Text Exploits
31,386 exploits tracked across all sources.
Apport < 2.20.4 - Remote Code Execution via CrashDB Field Evaluation
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
by Donncha OCearbhaill
CVSS 7.8
Adobe Animate <= 15.2.1.95 - Memory Corruption
Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
by hyp3rlinx
CVSS 9.8
Debian jessie <1.0.9.8.4, Debian unstable <1.4~beta2, Ubuntu 14.04 ...
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
by Google Security Research
CVSS 5.9
Apport < 2.20.3 - Unauthenticated Command Execution via Malicious Crash File
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.
by Donncha OCearbhaill
CVSS 6.5
Google Chrome (Fedora 25 / Ubuntu 16.04) - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download
by Chris Evans
Apple iPhone OS < 10.2 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted certificate profile.
by Maksymilian Arciemowicz
CVSS 8.8
EasyPHP Devserver 16.1.1 - Insecure File Permissions Privilege Escalation
by Ashiyane Digital Security Team
Cisco Unified Communications Manager - Path Traversal
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.
by justpentest
NETGEAR D6220/D6400/R6250/R6400/R6700/R6900/R7000/R7100LG/R7300DST/R7900/R8000 Firmware - Remote Code Execution
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
by Acew0rm
CVSS 8.8
Microsoft Edge - Remote Code Execution via Memory Corruption
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6153.
by Skylined
Microsoft Edge - Remote Code Execution via Memory Corruption
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
by Skylined
CVSS 8.8
Android 6.x-7.0 - Privilege Escalation via System Server
An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622.
by Google Security Research
CVSS 7.8
Google Android - 'IOMXNodeInstance::enableNativeBuffers' Unchecked Index
by Google Security Research
Single Personal Message 1.0.3 WordPress Plugin SQL Injection
Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to extract sensitive database information including user credentials and site configuration data.
by Lenon Leite
CVSS 7.1
Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection
by hyp3rlinx
Windows Event Viewer - Info Disclosure
An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.
To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file.
The update addresses the vulnerability by modifying the way that the Event Viewer parses XML input.
by hyp3rlinx
CVSS 4.7
Apache CouchDB <2.0.0 - Privilege Escalation
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
by hyp3rlinx
CVSS 7.8
Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities
by Persian Hack Team