Text Exploits
31,332 exploits tracked across all sources.
Cisco WebEx Meetings Player T29.10 - RCE
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.
by COSIG
CVSS 7.8
Cisco WebEx Meetings Player T29.10 - DoS
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.
by COSIG
CVSS 5.5
Adobe Flash Player <18.0.0.382,19.x-23.x - Memory Corruption
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.
by COSIG
CVSS 8.8
Google Android < 7.0 - Information Disclosure
Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347.
by Google Security Research
CVSS 5.5
sheed AntiVirus 2.3 Unquoted Service Path Privilege Escalation
sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges.
by Amir.ght
CVSS 7.8
RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection
by SEC Consult
Minecraft Launcher 1.6.61 - Insecure File Permissions Privilege Escalation
by Ross Marks
Google Android - Resource Management Error
The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service (memory consumption, and device hang or reboot) via a large xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 29555864.
by Nightwatch Cybersecurity Research
CVSS 5.9
Zend Studio IDE 13.5.1 - Insecure File Permissions Privilege Escalation
by hyp3rlinx
Linux Kernel 4.6.3 Netfilter Privilege Escalation
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
by Qian Zhang
CVSS 7.8
Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
by Dawid Golunski
CVSS 7.8
Wacom Consumer Service - Unquoted Service Path Privilege Escalation
by Ross Marks
Leap Service - Unquoted Service Path Privilege Escalation
by Ross Marks
Foxit Cloud Update Service - Unquoted Service Path Privilege Escalation
by Ross Marks
Fitbit Connect Service - Unquoted Service Path Privilege Escalation
by Ross Marks
PHP Press Release - Persistent Cross-Site Scripting
by Besim
PHP Press Release - Cross-Site Request Forgery (Add Admin)
by Besim
miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
by Besim
Waves Audio Service - Unquoted Service Path Privilege Escalation
by Ross Marks
BlueStacks 2.5.55 - Unquoted Service Path Privilege Escalation
by Th3GundY