Exploitdb Exploits
31,394 exploits tracked across all sources.
Micro Focus Rumba <9.4 HF 13960 - Buffer Overflow
Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.
by LiquidWorm
CVSS 9.8
Real Estate Portal 4.1 - Multiple Vulnerabilities
by Bikramaditya Guha
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread
by Google Security Research
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread
by Google Security Research
Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads
by Google Security Research
Graphite2 - GlyphCache::Loader Heap Overreads
by Google Security Research
Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow
by Google Security Research
PowerFolder Server 10.4.321 - Remote Code Execution
by Hans-Martin Muench
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection
by Mehmet Ince
Operation Technology ETAP 14.1.0 - Local Privilege Escalation
by LiquidWorm
Operation Technology ETAP 14.1.0 - Multiple Stack Buffer Overrun Vulnerabilities
by LiquidWorm
XenAPI 1.4.1 for XenForo - Multiple SQL Injections
by Julien Ahrens
SAP NetWeaver Application Server Java 7.40 - SQL Injection
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
by ERPScan
CVSS 9.8
SAP NetWeaver AS JAVA 7.10-7.50 - Exposure of Sensitive Information via Universal Worklist Configuration
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
by ERPScan
CVSS 5.3
Apple OS X <10.11.5 - Memory Corruption
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
by Francis Provencher
CVSS 7.8
Microsoft Windows - Information Disclosure via GDI Crafted Document
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169.
by Google Security Research
CVSS 6.5
Microsoft Windows - Information Disclosure via GDI Crafted Document
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168.
by Google Security Research
CVSS 6.5
Symantec Anti-Virus Engine < 20151.1.0.32 - Remote Code Execution via Malformed PE Header
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.
by Google Security Research
CVSS 9.1
Microsoft Windows - Remote Code Execution via GDI Crafted Document
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability."
by Google Security Research
CVSS 8.8
Adobe Flash Player <=21.0.0.213 FileReference - Type Confusion
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
Adobe Flash Player <=21.0.0.213 SetNative - Use-After-Free
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
Adobe Flash Player <=21.0.0.213 Raw 565 Texture Processing Overflow
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
By Source