Exploitdb Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-100656 EXPLOITDB text
Microix Timesheet Module - SQL Injection
by Anthony Cole
CVE-2016-5309 EXPLOITDB MEDIUM text VERIFIED
Symantec Data Center Security: Server - Out-of-bounds Read in RAR File Parser
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.
by Google Security Research
CVSS 5.5
CVE-2016-3357 EXPLOITDB HIGH text VERIFIED
Microsoft Office 2007 SP3-2016, Word for Mac, SharePoint, Office Web Apps - Remote Code Execution via Crafted Document
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
CVSS 7.8
CVE-2016-5310 EXPLOITDB MEDIUM text VERIFIED
Symantec Data Center Security: Server - Out-of-bounds Write in RAR File Parser
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.
by Google Security Research
CVSS 5.5
EIP-2026-106531 EXPLOITDB text
Dolphin 7.3.0 - Error-Based SQL Injection
by Kacper Szurek
EIP-2026-117927 EXPLOITDB text
SolarWinds Kiwi Syslog Server 9.5.1 - Unquoted Service Path Privilege Escalation
by Halil Dalabasmaz
EIP-2026-117924 EXPLOITDB text
SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation
by Halil Dalabasmaz
CVE-2016-7083 EXPLOITDB HIGH text VERIFIED
VMware Workstation Pro and Player 12.x - Remote Code Execution via Cortado ThinPrint EMFSPOOL TrueType Fonts
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.
by Google Security Research
CVSS 7.8
CVE-2016-7084 EXPLOITDB HIGH text VERIFIED
VMware Workstation Player 12.x - Remote Code Execution via JPEG 2000 Image
tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.
by Google Security Research
CVSS 7.8
EIP-2026-114629 EXPLOITDB text
ZineBasic 1.1 - Arbitrary File Disclosure
by bd0rk
EIP-2026-113943 EXPLOITDB text
WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure
by david-peltier
EIP-2026-112033 EXPLOITDB text
ShoreTel Connect ONSITE - Blind SQL Injection
by Iraklis Mathiopoulos
EIP-2026-109701 EXPLOITDB text
MyBB 1.8.6 - SQL Injection
by Curesec Research Team
EIP-2026-108961 EXPLOITDB text
Kajona 4.7 - Cross-Site Scripting / Directory Traversal
by Curesec Research Team
EIP-2026-100657 EXPLOITDB text
MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities
by Paul Baade & Sven Krewitt
EIP-2026-108833 EXPLOITDB text
Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection
by Larry W. Cashdollar
EIP-2026-108230 EXPLOITDB text
Joomla! Component Catalog 1.0.7 - SQL Injection
by Larry W. Cashdollar
EIP-2026-100199 EXPLOITDB text
Cisco EPC 3925 - Multiple Vulnerabilities
by Patryk Bogdan
EIP-2026-103846 EXPLOITDB text
Apache Mina 2.0.13 - Remote Command Execution
by Gregory Draperi
EIP-2026-100028 EXPLOITDB text VERIFIED
Google Android - getpidcon Usage binder Service Replacement Race Condition
by Google Security Research
CVE-2016-6853 EXPLOITDB MEDIUM text
Open-Xchange OX Guard < 2.4.2 - Stored Cross-Site Scripting via PGP Public Key Name
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
by Benjamin Daniel Mussler
CVSS 6.1
CVE-2016-6851 EXPLOITDB MEDIUM text
Open-Xchange OX Guard < 2.4.2 - Unauthenticated Stored Cross-Site Scripting via Guest Reader Parameter
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks against arbitrary users since no prior authentication is needed. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.) in case the user has an active session on the same domain already.
by Benjamin Daniel Mussler
CVSS 6.1
EIP-2026-118195 EXPLOITDB text
Zapya Desktop 1.803 - 'ZapyaService.exe' Local Privilege Escalation
by Arash Khazaei
EIP-2026-118135 EXPLOITDB text
WinSMS 3.43 - Insecure File Permissions Privilege Escalation
by Tulpa
EIP-2026-117652 EXPLOITDB text
Multiple Icecream Apps - Insecure File Permissions Privilege Escalation
by Tulpa