Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-1960 EXPLOITDB HIGH html VERIFIED
Mozilla Firefox <45.0 - Firefox ESR 38.x <38.7 - RCE
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.
by Rh0
CVSS 8.8
CVE-2017-5375 EXPLOITDB CRITICAL html VERIFIED
Thunderbird <45.7, Firefox ESR <45.7, Firefox <51 - Memory Corruption
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
by Rh0
CVSS 9.8
CVE-2017-5375 EXPLOITDB CRITICAL html VERIFIED
Thunderbird <45.7, Firefox ESR <45.7, Firefox <51 - Memory Corruption
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
by Rh0
CVSS 9.8
CVE-2018-6329 EXPLOITDB CRITICAL python
Unitrends Backup < 10.1.10 - SQL Injection and Remote Code Execution via Authentication Bypass
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
by Jared Arave
CVSS 9.8
CVE-2017-16995 EXPLOITDB HIGH c
Linux BPF Sign Extension Local Privilege Escalation
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
by Bruce Leidl
CVSS 7.8
CVE-2017-0101 EXPLOITDB HIGH c++
Microsoft Windows - Local Privilege Escalation via Transaction Manager Kernel Driver
The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
by xiaodaozhi
CVSS 7.8
CVE-2018-7543 EXPLOITDB MEDIUM text
Duplicator 1.2.32 - Cross-Site Scripting via JSON Parameter in Installer
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.
by Stefan Broeder
CVSS 6.1
CVE-2017-8046 EXPLOITDB CRITICAL java
Spring Data REST < 2.6.9 and Spring Boot < 1.5.9 - Remote Code Execution via Malicious PATCH Request
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
by Antonio Francesco Sardella
CVSS 9.8
CVE-2018-7445 EXPLOITDB CRITICAL python
MikroTik RouterOS < 6.41.3 - Unauthenticated Remote Code Execution via SMB NetBIOS Session Request
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
by CoreLabs
CVSS 9.8
CVE-2017-13253 EXPLOITDB HIGH c++
Android 8.0 8.1 - Out-of-bounds Write in CryptoPlugin::decrypt
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71389378.
by Tamir Zahavi-Brunner
CVSS 7.8
CVE-2018-2380 EXPLOITDB MEDIUM python
SAP CRM 7.01-7.02, 7.30-7.31, 7.33, 7.54 - Path Traversal
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
by erp scan team
CVSS 6.6
CVE-2018-7706 EXPLOITDB MEDIUM text
SecurEnvoy SecurMail <9.2.501 - Path Traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe.
by SEC Consult
CVSS 6.5
CVE-2018-7705 EXPLOITDB HIGH text
SecurEnvoy SecurMail <9.2.501 - Path Traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx.
by SEC Consult
CVSS 8.1
CVE-2018-7704 EXPLOITDB MEDIUM text
SecurEnvoy SecurMail <9.2.501 - Info Disclosure
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe.
by SEC Consult
CVSS 6.5
CVE-2018-7703 EXPLOITDB MEDIUM text
SecurEnvoy SecurMail <9.2.501 - XSS
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe.
by SEC Consult
CVSS 6.1
CVE-2018-7702 EXPLOITDB CRITICAL text
SecurEnvoy SecurMail <9.2.501 - RCE
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
by SEC Consult
CVSS 9.1
CVE-2018-7701 EXPLOITDB MEDIUM text
SecurEnvoy SecurMail <9.2.501 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.
by SEC Consult
CVSS 6.5
CVE-2018-7538 EXPLOITDB CRITICAL text VERIFIED
Tuleap < 9.18 - SQL Injection in Tracker Functionality
A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.
by Cristiano Maruti
CVSS 9.8
CVE-2018-7707 EXPLOITDB MEDIUM text
SecurEnvoy SecurMail <9.2.501 - XSS
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message.
by SEC Consult
CVSS 6.1
CVE-2018-25320 EXPLOITDB CRITICAL text
ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.
by Clutchisback1
CVSS 9.8
CVE-2018-25222 EXPLOITDB HIGH python
SC 7.16 - Stack Buffer Overflow Local Code Execution
SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute shellcode in the application context.
by Juan Sacco
CVSS 8.4
CVE-2018-9161 EXPLOITDB CRITICAL text
Prisma Industriale Checkweigher PrismaWEB 1.21 - Use of Hard-coded Credentials
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.
by LiquidWorm
CVSS 9.8
CVE-2018-7756 EXPLOITDB CRITICAL text
DEWESoft X3 SP1 - Unauthenticated Remote Code Execution via RunExeFile.exe TCP Port 1999
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command.
by hyp3rlinx
CVSS 9.8
CVE-2017-16720 EXPLOITDB CRITICAL python VERIFIED
Advantech WebAccess <= 8.3.2 - Path Traversal
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
by Chris Lyne
CVSS 9.8
EIP-2026-114886 EXPLOITDB python
Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow
by Mohan Ravichandran