Exploitdb Exploits

50,073 exploits tracked across all sources.

CVE-2017-11830 EXPLOITDB MEDIUM text VERIFIED
Windows - Privilege Escalation
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability".
by Google Security Research
CVSS 5.3
CVE-2017-13849 EXPLOITDB MEDIUM python VERIFIED
iPhone OS < 11.1 - Denial of Service in CoreText via Crafted Text File
An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted text file.
by Russian Otter
CVSS 5.5
CVE-2017-16819 EXPLOITDB MEDIUM text
Icon Time Systems RTC-1000 v2.5.7458 - XSS
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges.
by Keith Thome
CVSS 5.4
EIP-2026-118085 EXPLOITDB python VERIFIED
VX Search 10.2.14 - 'Proxy' Local Buffer Overflow (SEH)
by wetw0rk
CVE-2017-11873 EXPLOITDB HIGH javascript VERIFIED
ChakraCore and Microsoft Edge - Privilege Escalation
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11871.
by Google Security Research
CVSS 7.5
CVE-2017-11861 EXPLOITDB HIGH javascript VERIFIED
Microsoft Edge - Memory Corruption in Scripting Engine
Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
by Google Security Research
CVSS 7.5
CVE-2017-11811 EXPLOITDB HIGH javascript VERIFIED
ChakraCore & Microsoft Edge - Memory Corruption
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821.
by Google Security Research
CVSS 7.5
CVE-2017-8751 EXPLOITDB HIGH html VERIFIED
Microsoft Edge - Remote Code Execution via Memory Corruption
Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766.
by Google Security Research
CVSS 7.5
CVE-2017-15806 EXPLOITDB HIGH text VERIFIED
Zeta Components Mail < 1.8.2 - Remote Code Execution via Crafted Email Address in Return Path
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
by MalwareBenchmark
CVSS 8.1
CVE-2017-16843 EXPLOITDB MEDIUM html
Vonage VDV-23 115 3.2.11-0.9.40 - XSS
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
by Nu11By73
CVSS 5.4
EIP-2026-102070 EXPLOITDB text
TP-Link TL-WR740N - Cross-Site Scripting
by bl00dy
CVE-2017-16841 EXPLOITDB MEDIUM text
LanSweeper < 6.0.100.94 - Cross-Site Scripting via Calendar Description Parameter
LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.
by Miguel Mendez Z
CVSS 6.1
CVE-2017-16962 EXPLOITDB MEDIUM text
CommuniGate Pro < 6.2.1 - Stored Cross-Site Scripting via Calendar Invitation or Directory Name
The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.
by Boumediene KADDOUR
CVSS 6.1
CVE-2017-15270 EXPLOITDB MEDIUM text
psftpd 10.0.4 Build 729 - Log Injection via CSV Escape Bypass
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log.
by X41 D-Sec GmbH
CVSS 5.3
EIP-2026-118438 EXPLOITDB python VERIFIED
Dup Scout Enterprise 10.0.18 - 'Login' Remote Buffer Overflow
by sickness
CVE-2017-15271 EXPLOITDB MEDIUM text
PSFTPd 10.0.4 Build 729 - Unauthenticated Use-After-Free via Crafted SSH Identification String
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effective DoS attack against this service. By sending a crafted SSH identification / version string to the server, a NULL pointer dereference could be caused, apparently because of a race condition in the window message handling, performing the cleanup for invalid connections. This incorrect cleanup code has a use-after-free.
by X41 D-Sec GmbH
CVSS 5.9
EIP-2026-103348 EXPLOITDB ruby VERIFIED
D-Link DIR-850L - OS Command Execution (Metasploit)
by Metasploit
CVE-2017-9675 EXPLOITDB HIGH bash VERIFIED
D-Link DIR-605L <2.08UIBetaB01.bin - DoS
On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot.
by Enrique Castillo
CVSS 7.5
CVE-2017-14961 EXPLOITDB HIGH c
IKARUS anti.virus 2.16.7 - Arbitrary Write via ntguard.sys IOCtl 0x8300000c
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.
by Parvez Anwar
CVSS 7.8
CVE-2017-16806 EXPLOITDB HIGH python
Ulterius Server < 1.9.5.0 - Directory Traversal
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
by Rick Osgood
CVSS 7.5
CVE-2017-16524 EXPLOITDB HIGH ruby
Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
by 0xFFFFFF
CVSS 8.8
CVE-2017-16807 EXPLOITDB MEDIUM text VERIFIED
Kirby Panel <2.3.3, <2.4.2, <2.5.7 - XSS
A cross-site scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
by Ishaq Mohammed
CVSS 5.4
EIP-2026-110378 EXPLOITDB python
osCommerce 2.3.4.1 - Arbitrary File Upload
by Simon Scannell
CVE-2017-16780 EXPLOITDB CRITICAL text VERIFIED
MyBB < 1.8.12 - Remote Code Execution via Installer Configuration File Write
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
by Pabstersac
CVSS 9.8
CVE-2017-16781 EXPLOITDB MEDIUM text VERIFIED
MyBB < 1.8.12 - Cross-Site Scripting in Installer
The installer in MyBB before 1.8.13 has XSS.
by Pabstersac
CVSS 5.4