Exploitdb Exploits
50,083 exploits tracked across all sources.
Advanced Host Monitor 11.92 beta - Local Buffer Overflow
by Peyman Forouzan
Internet Explorer - Remote Code Execution via VBScript Engine Memory Handling
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.
by Google Security Research
CVSS 7.5
Internet Explorer - Security Feature Bypass via VBScript Execution Policy
A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.
by Google Security Research
CVSS 4.3
Microsoft Edge - Security Feature Bypass via Click2Play Flash Handling
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.
by Google Security Research
CVSS 5.3
upcoming_events < 1.33 - Cross-Site Scripting via Event Name
An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event.
by 0xB9
CVSS 6.1
Gila CMS 1.9.1 - Cross-Site Scripting
Gila CMS 1.9.1 has XSS.
by Ahmet Ümit BAYRAM
CVSS 6.1
Chrome < 73.0.3683.75 - Use-After-Free via WebMIDI Integer Overflow
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
by Google Security Research
CVSS 8.8
Google Chrome < 73.0.3683.75 - Use-After-Free via Blink Storage Integer Overflow
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
by Google Security Research
CVSS 8.8
Chrome < 73.0.3683.75 - Use-After-Free in DOMStorage
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by Google Security Research
CVSS 7.5
Google Chrome < 73.0.3683.75 - Data Race in Extensions Guest View
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by Google Security Research
CVSS 7.5
libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons
by Google Security Research
Pipeline: Declarative Plugin <1.3.3 - RCE
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
by Metasploit
CVSS 8.8
WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service
WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash.
by Achilles
CVSS 6.2
WinMPG Video Convert 9.3.5 Buffer Overflow Local Denial of Service
WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigger a denial of service condition.
by Achilles
CVSS 6.2
BMC PATROL Agent < 11.3.01 - Unauthenticated Privilege Escalation via PatrolCli
An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration
by Metasploit
CVSS 7.8
Tabs Mail Carrier 2.5.1 Buffer Overflow via MAIL FROM
Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an oversized buffer to overwrite the EIP register and execute a bind shell payload.
by Joseph McDonagh
CVSS 9.8
Vembu StoreGrid 4.4.x - Cross-Site Scripting in Registration Failure/Success Pages
Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.
by Gionathan Reale
CVSS 6.1
Vembu StoreGrid 4.4.x - Exposure of Sensitive Information via Index Page Hidden Form Value
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.
by Gionathan Reale
CVSS 5.3
Moodle 3.1.0-3.1.11, 3.1-3.1.12 - Remote Code Execution via Calculated Question Eval Injection
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
by Darryn Ten
CVSS 8.8
CMS Made Simple < 2.2.10 - Unrestricted File Upload via Watermark Image Extension Bypass
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
by Daniele Scanu
CVSS 6.5
netdata < 1.13.0 - HTML Injection via Snapshot Import
The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot
by s4vitar
CVSS 6.1
Pegasus CMS 1.0 Remote Code Execution via extra_fields.php
Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the action parameter to achieve code execution and obtain an interactive shell.
by R3zk0n
CVSS 9.8
By Source