Exploitdb Exploits
49,996 exploits tracked across all sources.
ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)
by Diego Santamaria
Immunity Debugger 1.85 - Denial of Service (PoC)
by Gionathan Reale
phpMyAdmin <4.7.6.1/4.7.7 - CSRF
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
by VulnSpy
CVSS 8.8
Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)
by Luis Martínez
Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
by BrianWGray
Instagram App 41.1788.50991.0 - Denial of Service (PoC)
by Ali Alipour
Microsoft Windows - Advanced Local Procedure Call (ALPC) Local Privilege Escalation
by SandboxEscaper
Internet Explorer <11 - Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
by Google Security Research
CVSS 7.5
Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service (PoC)
by Luis Martínez
Foxit PDF Reader Pointer Overwrite UAF
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380.
by Metasploit
CVSS 6.5
Tecrail Responsive Filemanager < 9.13.4 - Path Traversal
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal.
by Simon Uvarov
CVSS 7.5
Foxitsoftware Foxit Reader < 9.0.1.1049 - Use After Free
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.
by Metasploit
CVSS 8.8
HP PageWide/OfficeJet Pro <1708D - RCE
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
by Metasploit
CVSS 9.8
Plainview Activity Monitor < 20180826 - OS Command Injection
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
by Lydéric Lefebvre
CVSS 8.8
Tecrail Responsive Filemanager < 9.13.4 - Path Traversal
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.
by Simon Uvarov
CVSS 5.5
Gleezcms Gleez Cms - CSRF
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
by GunEggWang
CVSS 8.8
Electron < 1.7.16 - Remote Code Execution
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
by Matt Austin
CVSS 8.1
By Source