Exploit Database

145,600 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-6905 WRITEUP MEDIUM
libgd < 2.2.3 - Denial of Service via Crafted TGA Image
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
CVSS 6.5
CVE-2016-6906 WRITEUP MEDIUM
libgd < 2.2.4 - Denial of Service via Crafted TGA File Decompression
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.
CVSS 5.5
CVE-2016-6911 WRITEUP MEDIUM
libgd < 2.2.4 - Denial of Service via Crafted TIFF Image
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
CVSS 5.5
CVE-2016-6912 WRITEUP CRITICAL
libgd < 2.2.4 - Double Free in gdImageWebPtr
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
CVSS 9.8
CVE-2016-7101 WRITEUP MEDIUM
ImageMagick < 6.9.5-8 - Denial of Service via SGI Row Value
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
CVSS 6.5
CVE-2016-7117 WRITEUP CRITICAL
Linux Kernel < 4.5.2 - Use-After-Free in __sys_recvmmsg Error Handling
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVSS 9.8
CVE-2016-7126 WRITEUP CRITICAL
PHP < 5.6.25 and 7.x < 7.0.10 - Out-of-bounds Write via imagetruecolortopalette
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.
CVSS 9.8
CVE-2016-7131 WRITEUP HIGH
PHP < 5.6.25 and 7.x < 7.0.10 - Denial of Service via Malformed wddxPacket XML Document
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.
CVSS 7.5
CVE-2016-7132 WRITEUP HIGH
PHP < 5.6.25 and 7.x < 7.0.10 - Denial of Service via WDDX Deserialization NULL Pointer Dereference
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.
CVSS 7.5
CVE-2016-7143 WRITEUP HIGH
Debian Linux < 3.5.2 - Improper Authorization
The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
CVSS 8.1
CVE-2016-7144 WRITEUP HIGH
UnrealIRCd < 3.2.10.7 and 4.x < 4.0.6 - Authentication Bypass via SASL AUTHENTICATE Parameter
The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
CVSS 8.1
CVE-2016-7163 WRITEUP HIGH
OpenJPEG < 2.2.0 - Remote Code Execution via Integer Overflow in opj_pi_create_decode
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
CVSS 7.8
CVE-2016-7255 WRITEUP HIGH
Microsoft Windows - Privilege Escalation
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2016-7400 WRITEUP CRITICAL
Exponent CMS < 2.3.9 - SQL Injection via id, title, or content_id Parameter
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action.
CVSS 9.8
CVE-2016-7405 WRITEUP CRITICAL
ADOdb Library for PHP < 5.20.7 - SQL Injection via PDO Driver qstr Method
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
CVSS 9.8
CVE-2016-7514 WRITEUP MEDIUM
ImageMagick < 7.0.1-0 - Denial of Service via PSD File Out-of-Bounds Read
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVSS 6.5
CVE-2016-7524 WRITEUP MEDIUM
ImageMagick < 6.9.4-0 - Denial of Service via Out-of-bounds Read in coders/meta.c
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS 6.5
CVE-2016-7526 WRITEUP MEDIUM
ImageMagick < 6.9.4-0 - Denial of Service via Crafted WPG File
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVSS 6.5
CVE-2016-7527 WRITEUP MEDIUM
ImageMagick < 6.9.4-0 - Denial of Service via Out-of-bounds Read in WPG Coder
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS 6.5
CVE-2016-7528 WRITEUP MEDIUM
ImageMagick < 6.9.4-0 - Denial of Service via Crafted VIFF File
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
CVSS 6.5
CVE-2016-7530 WRITEUP MEDIUM
ImageMagick < 6.9.4-0 - Denial of Service via Quantum Handling
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.
CVSS 6.5
CVE-2016-7536 WRITEUP MEDIUM
ImageMagick < 6.9.4-0 - Denial of Service via Crafted Profile
magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.
CVSS 6.5
CVE-2016-7537 WRITEUP MEDIUM
ImageMagick < 6.9.4-7 - Denial of Service via Crafted PDB File
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.
CVSS 6.5
CVE-2016-8636 WRITEUP HIGH
Linux kernel <4.9.10 - Memory Corruption
Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology.
CVSS 7.8
CVE-2016-8641 WRITEUP MEDIUM
Nagios 4.2.x - Privilege Escalation
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.
CVSS 6.7