Exploitdb Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-10738 EXPLOITDB HIGH text VERIFIED
Zenbership v107 - Cross-Site Request Forgery via Event Add Function
Zenbership v107 has CSRF via admin/cp-functions/event-add.php.
by Besim
CVSS 8.8
CVE-2016-9018 EXPLOITDB MEDIUM text VERIFIED
RealNetworks RealPlayer <18.1.5.705 - Memory Corruption
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.
by Alwin Peppels
CVSS 5.5
EIP-2026-108940 EXPLOITDB text
Just Dial Clone Script - 'srch' SQL Injection
by Arbin Godar
CVE-2016-5537 EXPLOITDB MEDIUM text VERIFIED
Oracle NetBeans 8.1 - Directory Traversal and Arbitrary File Write via ZIP Project Import
Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a project.
by hyp3rlinx
CVSS 5.7
CVE-2016-3473 EXPLOITDB HIGH text
Oracle BI Publisher - Info Disclosure
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.
by Jakub Palaczynski
CVSS 7.7
CVE-2016-3376 EXPLOITDB HIGH text VERIFIED
Windows Kernel-Mode Drivers - Privilege Escalation via Crafted Application
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." a different vulnerability than CVE-2016-3266, CVE-2016-7185, and CVE-2016-7211.
by Google Security Research
CVSS 7.8
CVE-2016-0070 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows - Unauthorized Registry Information Disclosure via Kernel API
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 5.5
CVE-2016-7182 EXPLOITDB CRITICAL text VERIFIED
Microsoft Windows Vista - Remote Code Execution via Crafted True Type Font
The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 9.8
CVE-2016-3209 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows and Office - ASLR Bypass via TrueType Font Parsing
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."
by Google Security Research
CVSS 5.5
CVE-2016-7998 EXPLOITDB HIGH text VERIFIED
SPIP < 3.1.2 - Authenticated Remote Code Execution via Crafted INCLUDE/INCLURE Tag
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
by Sysdream
CVSS 8.8
CVE-2016-7980 EXPLOITDB HIGH text VERIFIED
SPIP < 3.1.2 - Cross-Site Request Forgery via XML Validator
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
by Sysdream
CVSS 8.8
CVE-2016-7982 EXPLOITDB HIGH text VERIFIED
SPIP < 3.1.2 - Path Traversal via var_url Parameter
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
by Sysdream
CVSS 7.5
EIP-2026-106931 EXPLOITDB text
Event Calendar PHP 1.5 - SQL Injection
by Ehsan Hosseini
EIP-2026-105892 EXPLOITDB text
Classifieds Rental Script - SQL Injection
by Arbin Godar
CVE-2016-20086 EXPLOITDB HIGH text
Vembu StoreGrid 4.0 Unquoted Service Path Privilege Escalation
Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges.
by Joey Lane
CVSS 7.8
CVE-2016-20085 EXPLOITDB HIGH text
Realtek High Definition Audio Driver 6.0.1.6730 Privilege Escalation
Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges.
by Joey Lane
CVSS 7.8
CVE-2016-20055 EXPLOITDB HIGH text VERIFIED
IObit Advanced SystemCare 10.0.2 Unquoted Service Path Privilege Escalation
IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.
by Amir.ght
CVSS 7.8
EIP-2026-117751 EXPLOITDB text
PDF Complete 4.1.12 Corporate Edition - Unquoted Service Path Privilege Escalation
by Joey Lane
EIP-2026-117415 EXPLOITDB text
Lenovo ThinkVantage Communications Utility 3.0.42.0 - Unquoted Service Path Privilege Escalation
by Joey Lane
EIP-2026-117413 EXPLOITDB text
Lenovo Slim USB Keyboard 1.09 - Unquoted Service Path Privilege Escalation
by Joey Lane
EIP-2026-117412 EXPLOITDB text
Lenovo RapidBoot HDD Accelerator 1.00.0802 - Unquoted Service Path Privilege Escalation
by Joey Lane
EIP-2026-117329 EXPLOITDB text
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed 15.1.0.0096 - Unquoted Service Path Privilege Escalation
by Joey Lane
EIP-2026-117327 EXPLOITDB text
Intel(R) Management Engine Components 8.0.1.1399 - Unquoted Service Path Privilege Escalation
by Joey Lane
EIP-2026-107879 EXPLOITDB text
Intel(R) PROSet/Wireless WiFi Software 15.01.1000.0927 - Unquoted Service Path Privilege Escalation
by Joey Lane
EIP-2026-102407 EXPLOITDB text
ManageEngine ServiceDesk Plus 9.2 Build 9207 - Unauthorized Information Disclosure
by p0z