Exploitdb Exploits
50,076 exploits tracked across all sources.
Microsoft Edge - Information Disclosure via Memory Object Handling
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8652 and CVE-2017-8662.
by Google Security Research
CVSS 4.3
RPi Cam Control < 6.3.14 - Multiple Vulnerabilities
by Alexander Korznikov
macOS < 10.12.4 - Denial of Service via IOFireWireFamily NULL Pointer Dereference
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
by Brandon Azad
CVSS 5.5
Internet Download Manager 6.28 Build 17 - Local Buffer Overflow (SEH Unicode)
by f3ci
ALLPlayer 7.4 - Local Buffer Overflow (SEH Unicode)
by f3ci
AdvanDate iCupid Dating Software 12.2 - SQL Injection
by Ihsan Sencan
Quali CloudShell < 7.1.0.6508 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate.
by Benjamin Lee
CVSS 5.4
RPi Cam Control < 6.3.14 - Remote Command Execution
by Alexander Korznikov
Xamarin.iOS - Elevation of Privilege via Update Component
The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability."
by Securify
CVSS 7.8
Tomabo MP4 Converter 3.19.15 - Denial of Service
by Andy Bowden
Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.
by Andrey Konovalov
CVSS 7.0
RealTime RWR-3G-100 Router Firmware Ver1.0.56 - Cross-Site Request Forgery
The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
by Touhid M.Shaikh
CVSS 8.8
Microsoft Edge - Information Disclosure via Memory Object Handling
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8662.
by Google Security Research
CVSS 6.5
Redgate SQL Monitor < 3.10 and 4.x < 4.2 - Unauthenticated SQL Injection
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).
by Paul Taylor
CVSS 9.8
Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting
by Touhid M.Shaikh
By Source