Text Exploits
31,386 exploits tracked across all sources.
Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read
by Google Security Research
Apache OpenMeetings <3.1.1 - Path Traversal
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
by Andreas Lindh
CVSS 6.5
CubeCart 6.0.10 - Multiple Vulnerabilities
by High-Tech Bridge SA
Apple OS X <10.11.4 - Memory Corruption
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
by Francis Provencher
CVSS 7.8
Apple OS X <10.11.4 - Memory Corruption
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
by Francis Provencher
CVSS 7.8
QuickTime <10.11.4 - Memory Corruption
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
by Francis Provencher
CVSS 7.8
Debian Linux < 4.3.4 - Memory Corruption
Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.
by Stelios Tsampas
CVSS 9.8
Android < 5.1.1 - Remote Code Execution via Crafted MPEG-4 Data
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.
by NorthBit
Adobe Flash Player <18.0.0.333 & 19.x-21.x - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000.
by Google Security Research
CVSS 8.8
Liferay Portal 5.1.2 - Persistent Cross-Site Scripting
by Sarim Kiani
FireEye - Malware Input Processor Privilege Escalation
by Google Security Research
Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation
by Google Security Research
WordPress IMDb Profile Widget 1.0.8 Local File Inclusion via pic.php
WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like wp-config.php containing database credentials and configuration data.
by CrashBandicot
CVSS 6.2
WordPress Plugin Photocart Link 1.6 Local File Inclusion via decode.php
WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoint to retrieve sensitive files like wp-config.php containing database credentials and configuration data.
by CrashBandicot
CVSS 6.2
Trend Micro Deep Discovery Inspector 3.8/3.7 - Cross-Site Request Forgery
by hyp3rlinx
Comodo AntiVirus - Forwards Emulated API Calls to the Real API During Scans
by Google Security Research
Comodo AntiVirus - Heap Overflow in LZX Decompression
by Google Security Research
Comodo - PackMan Unpacker Insufficient Parameter Validation
by Google Security Research
Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks
by Google Security Research
Comodo - Integer Overlow Leading to Heap Overflow Parsing Composite Documents
by Google Security Research
Comodo - Integer Overflow Leading to Heap Overflow in Win32 Emulation
by Google Security Research
Avira - Heap Underflow Parsing PE Section Headers
by Google Security Research
Adobe Flash Player < 18.0.0.333, 19.x-21.x < 21.0.0.182 - Remote Code Execution
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors.
by Google Security Research
CVSS 8.8
Adobe Flash Player <18.0.0.333 & 19.x-21.x - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000.
by Google Security Research
CVSS 8.8
Adobe Flash Player <18.0.0.333,19.x-21.x - RCE
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.
by Google Security Research
CVSS 8.8
By Source