Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110749 EXPLOITDB text
PHP Realestate Script Script 4.9.0 - SQL Injection
by Meisam Monsef
CVE-2016-1606 EXPLOITDB CRITICAL text
Micro Focus Rumba <9.4 HF 13960 - Buffer Overflow
Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.
by LiquidWorm
CVSS 9.8
EIP-2026-111707 EXPLOITDB text
Real Estate Portal 4.1 - Multiple Vulnerabilities
by Bikramaditya Guha
EIP-2026-106777 EXPLOITDB text
EduSec 4.2.5 - SQL Injection
by Bikramaditya Guha
EIP-2026-103510 EXPLOITDB text VERIFIED
Graphite2 - TtfUtil::CmapSubtable4NextCodepoint Heap Overread
by Google Security Research
EIP-2026-103509 EXPLOITDB text VERIFIED
Graphite2 - TtfUtil::CheckCmapSubtable12 Heap Overread
by Google Security Research
EIP-2026-103508 EXPLOITDB text VERIFIED
Graphite2 - NameTable::getName Multiple Heap Out-of-Bounds Reads
by Google Security Research
EIP-2026-103507 EXPLOITDB text VERIFIED
Graphite2 - GlyphCache::Loader Heap Overreads
by Google Security Research
EIP-2026-103506 EXPLOITDB text VERIFIED
Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow
by Google Security Research
EIP-2026-102348 EXPLOITDB text VERIFIED
PowerFolder Server 10.4.321 - Remote Code Execution
by Hans-Martin Muench
EIP-2026-100102 EXPLOITDB text
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection
by Mehmet Ince
EIP-2026-117725 EXPLOITDB text
Operation Technology ETAP 14.1.0 - Local Privilege Escalation
by LiquidWorm
EIP-2026-116011 EXPLOITDB text
Operation Technology ETAP 14.1.0 - Multiple Stack Buffer Overrun Vulnerabilities
by LiquidWorm
EIP-2026-114419 EXPLOITDB text VERIFIED
XenAPI 1.4.1 for XenForo - Multiple SQL Injections
by Julien Ahrens
CVE-2016-2386 EXPLOITDB CRITICAL text
SAP NetWeaver Application Server Java 7.40 - SQL Injection
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
by ERPScan
CVSS 9.8
CVE-2016-2388 EXPLOITDB MEDIUM text
SAP NetWeaver AS JAVA 7.10-7.50 - Exposure of Sensitive Information via Universal Worklist Configuration
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
by ERPScan
CVSS 5.3
CVE-2016-1848 EXPLOITDB HIGH text VERIFIED
Apple OS X <10.11.5 - Memory Corruption
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
by Francis Provencher
CVSS 7.8
EIP-2026-102549 EXPLOITDB text
4digits 1.1.4 - Local Buffer Overflow (PoC)
by N_A
CVE-2016-0168 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows - Information Disclosure via GDI Crafted Document
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169.
by Google Security Research
CVSS 6.5
CVE-2016-0169 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows - Information Disclosure via GDI Crafted Document
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168.
by Google Security Research
CVSS 6.5
CVE-2016-2208 EXPLOITDB CRITICAL text VERIFIED
Symantec Anti-Virus Engine < 20151.1.0.32 - Remote Code Execution via Malformed PE Header
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.
by Google Security Research
CVSS 9.1
CVE-2016-0170 EXPLOITDB HIGH text VERIFIED
Microsoft Windows - Remote Code Execution via GDI Crafted Document
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability."
by Google Security Research
CVSS 8.8
CVE-2016-1105 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 FileReference - Type Confusion
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1106 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 SetNative - Use-After-Free
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1103 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 Raw 565 Texture Processing Overflow
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5