Exploitdb Exploits
49,996 exploits tracked across all sources.
Apple Iphone OS < 9.3.5 - Out-of-Bounds Write
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Metasploit
CVSS 7.8
WebKit not_number defineProperties UAF
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
by Metasploit
CVSS 5.5
10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH)
by Hashim Jawad
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)
by Hashim Jawad
10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH)
by Hashim Jawad
Pagekit < 1.0.13 - XSS
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack.
by DEEPIN2
CVSS 4.8
Recent Threads < 1.1 - XSS
The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject.
by 0xB9
CVSS 5.4
Mailer Plugin 1.20 for Jenkins 2.111 - CSRF
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
by Kl3_GMjq6
CVSS 8.0
WebKitGTK+ <2.21.3 - Use After Free
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.
by Dhiraj Mishra
CVSS 7.5
Linux Kernel < 4.16.11 - Use After Free
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
by Google Security Research
CVSS 5.9
Apple Iphone OS < 9.3.5 - Out-of-Bounds Write
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
by Metasploit
CVSS 8.8
Mc1soft Zip-n-go < 4.95 - Memory Corruption
MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file.
by Hashim Jawad
CVSS 7.8
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)
by Metasploit
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)
by Metasploit
Cyberark Password Vault < 9.7 - Information Disclosure
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message.
by Thomas Zuk
CVSS 5.3
Searchblox - SSRF
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
by Ahmet Gurel
CVSS 9.8
Brother Hl-l2340d Firmware < 1.16 - XSS
Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.
by Huy Kha
CVSS 4.8
Emssoftware Ems Master Calendar < 8.0.0.201805210 - XSS
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.
by Chris Barretto
CVSS 6.1
Njtech Greencms - CSRF
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.
by xichao
CVSS 8.8
Njtech Greencms - CSRF
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.
by xichao
CVSS 8.8
Microsoft Edge - Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.
by Google Security Research
CVSS 7.5
By Source