Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2017-9756 EXPLOITDB HIGH text VERIFIED
GNU Binutils 2.28 - Buffer Overflow
The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
by Alexandre Adamski
CVSS 7.8
CVE-2017-12854 EXPLOITDB
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal
by SecuriTeam
EIP-2026-101641 EXPLOITDB bash
D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change
by Todor Donev
EIP-2026-118459 EXPLOITDB ruby VERIFIED
Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit)
by Metasploit
EIP-2026-102095 EXPLOITDB bash
UTstarcom WA3002G4 - DNS Change
by Todor Donev
EIP-2026-101643 EXPLOITDB bash
D-Link DSL-2640U - DNS Change
by Todor Donev
EIP-2026-101554 EXPLOITDB bash
Beetel BCM96338 Router - DNS Change
by Todor Donev
CVE-2017-7005 EXPLOITDB HIGH html VERIFIED
Apple <10.3.2, <10.1.1, <10.2.1 - RCE
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2547 EXPLOITDB HIGH html VERIFIED
Safari < 10.1.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-6980 EXPLOITDB HIGH html VERIFIED
Apple <10.3.2, <10.1.1, <10.2.1 - RCE
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-6984 EXPLOITDB HIGH html VERIFIED
Apple <10.3.2, <10.1.1, <12.6.1 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
EIP-2026-103283 EXPLOITDB python
IBM Informix Dynamic Server - Code Injection / Remote Code Execution
by IMgod
EIP-2026-101793 EXPLOITDB bash
iBall Baton iB-WRA150N - DNS Change
by Todor Donev
CVE-2017-20278 EXPLOITDB HIGH text
Joomla JoomRecipe 1.0.3 SQL Injection via category parameter
Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the category path segment to extract sensitive database information.
by EziBilisim
CVSS 8.2
CVE-2025-34096 EXPLOITDB CRITICAL python
Easy File Sharing HTTP Server 7.2 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.
by bl4ck h4ck3r
EIP-2026-118087 EXPLOITDB python
VX Search Enterprise 9.7.18 - Local Buffer Overflow
by ScrR1pTK1dd13
EIP-2026-114955 EXPLOITDB c++ VERIFIED
Avast aswSnx.sys Kernel Driver 11.1.2253 - Memory Corruption Privilege Escalation
by bee13oy
CVE-2017-1000367 EXPLOITDB MEDIUM c
Todd Miller's sudo <1.8.20 - Info Disclosure & Command Execution
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
by Qualys Corporation
CVSS 6.4
CVE-2017-2741 EXPLOITDB CRITICAL python
HP PageWide/OfficeJet Pro <1708D - RCE
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
by Jacob Baines
CVSS 9.8
CVE-2017-9602 EXPLOITDB CRITICAL text
KBVault Mysql Free Knowledge Base <0.16a - RCE
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code.
by Fatih Emiral
CVSS 9.8
CVE-2016-9651 EXPLOITDB HIGH html
Google Chrome < 55.0.2883.75 - Remote Code Execution via V8 JS Object Property Check Bypass
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
by Qihoo360
CVSS 8.8
EIP-2026-117096 EXPLOITDB python
Easy MOV Converter 1.4.24 - 'Enter User Name' Local Buffer Overflow (SEH)
by abatchy17
EIP-2026-100042 EXPLOITDB text VERIFIED
LG MRA58K - Out-of-Bounds Heap Read in CAVIFileParser::Destroy Resulting in Invalid Free
by Google Security Research
EIP-2026-100041 EXPLOITDB text VERIFIED
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing
by Google Security Research
EIP-2026-100039 EXPLOITDB text VERIFIED
LG MRA58K - 'ASFParser::ParseHeaderExtensionObjects' Missing Bounds-Checking
by Google Security Research