Exploitdb Exploits
49,996 exploits tracked across all sources.
Chrome V8 JIT - Arrow Function Scope Fixing Bug
by Google Security Research
Chrome V8 JIT - 'AwaitedPromise' Update Bug
by Google Security Research
Allok Video to DVD Burner 2.6.1217 Buffer Overflow SEH
Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input string with 780 bytes of junk data followed by SEH chain pointers and shellcode, then paste it into the License Name field during registration to achieve code execution.
by T3jv1l
CVSS 8.4
Ericsson-LG iPECS NMS A.1Ac - Info Disclosure
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.
by Berk Cem Göksel
CVSS 8.8
Ericsson-LG iPECS NMS A.1Ac - Auth Bypass
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
by Berk Cem Göksel
CVSS 9.8
lastore-daemon <0.9.66-1 - Privilege Escalation
A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root.
by Metasploit
Open-AudIT <2.2 - Code Injection
Open-AudIT before 2.2 has CSV Injection.
by Sureshbabu Narvaneni
CVSS 6.8
Sharing-file Easy File Sharing Web Server - Memory Corruption
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791.
by Hashim Jawad
CVSS 9.8
Windows <7 SP1 & <Server 2008 R2 SP1 - Privilege Escalation
The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability."
by XPN
CVSS 7.8
VideoLAN VLC Media Player < 2.2.4 - Memory Corruption
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
by SivertPL
CVSS 7.8
Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service
by hyp3rlinx
WUZHI CMS 4.1.0 - CSRF
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
by jiguang
CVSS 8.8
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
by Lenon Leite
Catapult UK Cookie Consent <2.3.10 - XSS
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.
by B0UG
CVSS 5.4
Monstra - Path Traversal
Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
by Wenming Jiang
CVSS 6.5
Interspire Email Marketer <6.1.6 - Auth Bypass
The function in init.php that checks whether the user is already logged in, in Interspire Email Marketer (IEM) prior to 6.1.6, allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.
by devcoinfet
CVSS 9.8
Ericsson-LG iPECS NMS - SQL Injection
The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system.
by Berk Cem Göksel
CVSS 9.8
Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion
by Google Security Research
Adobe Flash Player Desktop Runtime < 29.0.0.113 - Memory Corruption
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.
by Google Security Research
CVSS 6.5
Adobe Flash Player Desktop Runtime < 29.0.0.113 - Out-of-Bounds Write
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
by Google Security Research
CVSS 8.8
Adobe Flash Player Desktop Runtime < 29.0.0.113 - Out-of-Bounds Write
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
by Google Security Research
CVSS 8.8
Adobe Flash Player Desktop Runtime < 29.0.0.113 - Out-of-Bounds Read
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
by Google Security Research
CVSS 6.5