Exploitdb Exploits
50,091 exploits tracked across all sources.
Adobe Flash Player < 31.0.0.153 - Use-After-Free
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
by smgorelik
CVSS 7.8
WSTMart 2.0.7 - Cross-Site Request Forgery via Admin Staff Add URI
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI.
by linfeng
CVSS 8.8
ZeusCart 4.0 - Cross-Site Request Forgery via regstatus Endpoint
ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages that submit requests to the regstatus endpoint with action=deny parameters.
by mqt
CVSS 5.3
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read
by evil_polar_bear
Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service
by Bogdan Kurinnoy
netatalk < 3.1.12 - Unauthenticated Out-of-bounds Write in dsi_opensess.c
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
by Jacob Baines
CVSS 9.8
netatalk < 3.1.12 - Unauthenticated Out-of-bounds Write in dsi_opensess.c
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
by Tenable NS
CVSS 9.8
LanSpy 2.0.1.159 Local Buffer Overflow
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, triggering code execution through SEH chain manipulation and controlled jumps.
by bzyo
CVSS 8.4
XMPlay 3.8.3 - Remote Code Execution via Crafted HTTP URL in M3U File
XMPlay 3.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted http:// URL in a .m3u file.
by s7acktrac3
CVSS 7.8
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read
by SandboxEscaper
Internet Explorer 9, 10, 11 - Remote Code Execution via VBScript Engine Use-After-Free
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
Internet Explorer 9-11 - Remote Code Execution via VBScript Execution Policy Bypass
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
by Metasploit
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
by Metasploit
PassFab RAR Password Recovery 9.3.2 SEH Buffer Overflow
PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a payload with a buffer overflow, NSEH jump, and shellcode, then paste it into the 'Licensed E-mail and Registration Code' field during registration to trigger code execution.
by Achilles
CVSS 8.4
PDF Explorer 1.5.66.2 Structured Exception Handler Local Code Execution
PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the Custom fields settings dialog processes the malicious input in the Label field.
by Achilles
CVSS 8.4
By Source