Exploitdb Exploits
50,095 exploits tracked across all sources.
Google Chrome <67.0.3396.62 - Memory Corruption
Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
by Google Security Research
CVSS 6.5
Google Chrome <67.0.3396.62 - Memory Corruption
Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
by Google Security Research
CVSS 6.5
Safari < 11.1.1 - Remote Code Execution via WebAssembly getWasmBufferFromValue Out-of-Bounds Read
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation.
by Google Security Research
CVSS 8.8
Safari < 11.1.1 - Remote Code Execution via WebKit @generatorState Use-After-Free
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free.
by Google Security Research
CVSS 8.8
Google Chrome < 66.0.3359.117 - Remote Code Execution via WebAssembly Integer Overflow
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
by Google Security Research
CVSS 8.8
Splunk < 7.0.1 - Unauthenticated Information Disclosure via Server Info Endpoint
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
by KoF2002
CVSS 5.3
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
by Andrew Watson
CVSS 9.8
WordPress Contact Form Maker Plugin 1.12.20 SQL Injection
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'search_labels' parameters to extract sensitive database information or escalate privileges.
by defensecode
CVSS 7.1
WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php
WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generete_csv actions. Attackers can submit POST requests with malicious SQL payloads in the name and search_labels parameters to extract, modify, or escalate privileges within the WordPress database.
by defensecode
CVSS 7.1
The Olive Tree Ftp Server 1.32 - Insufficiently Protected Credentials in Shared Preferences
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.
by ManhNho
CVSS 9.8
Monstra CMS 3.0.4 - Stored Cross-Site Scripting via Name Field on Create New Page
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.
by DEEPIN2
CVSS 4.8
PHP < 5.6.33, 7.0.x < 7.0.28, 7.1.x <= 7.1.14, 7.2.x <= 7.2.2 - Stack-Based Buffer Under-Read in HTTP Response Parsing
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.
by Wei Lei and Liu Yang
CVSS 9.8
Apple tvOS < 11.4 - Kernel Buffer Overflow in mptcp_usr_connectx
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
CVSS 7.8
iPhone OS < 11.4 - Remote Code Execution via getvolattrlist Buffer Overflow
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
CVSS 7.8
macOS < 10.13.5 - Use-After-Free in NVIDIA Graphics Drivers via SetAppSupportBits Race Condition
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.
by Google Security Research
CVSS 7.0
10-Strike Network Scanner 3.0 Local Buffer Overflow SEH
10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the Trace route or System information functions to achieve code execution.
by Hashim Jawad
CVSS 8.4
10-Strike Network Inventory Explorer 8.54 Buffer Overflow SEH
10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string with 4188 bytes of padding followed by SEH chain values and shellcode, then paste it into the registration dialog to achieve code execution with application privileges.
by Hashim Jawad
CVSS 8.4
iPhone OS < 9.3.5 - Remote Code Execution via Memory Corruption
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Metasploit
CVSS 7.8
WebKit not_number defineProperties UAF
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
by Metasploit
CVSS 5.5
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)
by Hashim Jawad
Pagekit < 1.0.13 - Stored Cross-Site Scripting via SVG Upload
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack.
by DEEPIN2
CVSS 4.8
Recent Threads < 1.1 - Cross-Site Scripting via Thread Subject
The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject.
by 0xB9
CVSS 5.4
By Source