Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-109981 EXPLOITDB text
Nuevomailer < 6.0 - SQL Injection
by Oleg Boytsev
CVE-2017-9730 EXPLOITDB CRITICAL text
nuevomailer < 6.0 - SQL Injection via r Parameter
SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter.
by Oleg Boytsev
CVSS 9.8
CVE-2017-7004 EXPLOITDB HIGH c VERIFIED
Apple iOS < 10.3.2 / macOS < 10.12.5 - Privilege Escalation
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app.
by Google Security Research
CVSS 7.0
CVE-2017-2533 EXPLOITDB HIGH bash VERIFIED
macOS < 10.12.5 - Race Condition in DiskArbitration
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
by phoenhex
CVSS 7.0
CVE-2017-9128 EXPLOITDB MEDIUM text
libquicktime 1.2.4 - Denial of Service via Crafted MP4 File
The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
CVE-2017-8871 EXPLOITDB MEDIUM text
libcroco 0.6.12 - Denial of Service via Crafted CSS File
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
by qflb.wu
CVSS 6.5
EIP-2026-102092 EXPLOITDB python
Uniview NVR - Password Disclosure
by B1t
CVE-2017-11471 EXPLOITDB CRITICAL
IDERA Uptime Monitor 7.8 - SQL Injection
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
by SecuriTeam
CVSS 9.8
CVE-2017-7180 EXPLOITDB HIGH text
Net Monitor for Employees Pro <5.3.4 - Auth Bypass
Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application.
by Saeid Atabaki
CVSS 7.3
EIP-2026-117541 EXPLOITDB ruby VERIFIED
Microsoft Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
by Metasploit
EIP-2026-117540 EXPLOITDB ruby VERIFIED
Microsoft Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
by Metasploit
CVE-2017-4916 EXPLOITDB MEDIUM c VERIFIED
VMware Workstation Pro/Player - DoS
VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial of service on a Windows host machine.
by Borja Merino
CVSS 6.5
CVE-2017-9516 EXPLOITDB MEDIUM text
Craft CMS < 2.6.2982 - Stored Cross-Site Scripting via SVG File Upload
Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
by Ahsan Tahir
CVSS 5.4
CVE-2017-20198 EXPLOITDB CRITICAL ruby VERIFIED
DC/OS Marathon < 1.9.0 - Docker Root Mount Code Execution
The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. This impacts any system where the Docker daemon honors Marathon container configurations without policy enforcement.
by Metasploit
EIP-2026-114411 EXPLOITDB text
Xavier 2.4 - SQL Injection
by Vulnerability-Lab
EIP-2026-111785 EXPLOITDB text
Robert 0.5 - Multiple Vulnerabilities
by Cyril Vallicari
EIP-2026-107483 EXPLOITDB text
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting
by Ahsan Tahir
CVE-2017-6542 EXPLOITDB CRITICAL text VERIFIED
PuTTY < 0.68 - Buffer Overflow via SSH Agent Protocol Message
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message, leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which triggers a buffer overflow.
by Tim Kosse
CVSS 9.8
CVE-2017-7472 EXPLOITDB MEDIUM c VERIFIED
Linux kernel < 4.10.13 - Denial of Service via KEY_REQKEY_DEFL_THREAD_KEYRING Keyctl Calls
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
by Marcus Meissner
CVSS 5.5
CVE-2017-5991 EXPLOITDB HIGH text VERIFIED
Artifex MuPDF < 1.11 - NULL Pointer Dereference in pdf_run_xobject
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.
by Kamil Frankowicz
CVSS 7.5
CVE-2017-2671 EXPLOITDB MEDIUM c VERIFIED
Linux Kernel < 4.10.8 - Denial of Service via ICMP Socket Protocol Value
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
by Daniel Jiang
CVSS 5.5
CVE-2017-8840 EXPLOITDB MEDIUM text
Peplink Balance Firmware - Unauthenticated Sensitive Information Exposure via HASync Debug Endpoint
Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid.
by X41 D-Sec GmbH
CVSS 5.3
CVE-2017-8839 EXPLOITDB MEDIUM text
Peplink Balance 305/380/580/710/1350/2500 Firmware - Cross-Site Scripting via orig_url Parameter
XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.
by X41 D-Sec GmbH
CVSS 6.1
CVE-2017-8838 EXPLOITDB MEDIUM text
Peplink Balance 305/380/580/710/1350/2500 Firmware - Cross-Site Scripting via syncid Parameter
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
by X41 D-Sec GmbH
CVSS 6.1
CVE-2017-8837 EXPLOITDB CRITICAL text
Peplink Balance Firmware - Cleartext Password Storage in /etc/waipass and /etc/roapass
Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.
by X41 D-Sec GmbH
CVSS 9.8