Exploitdb Exploits
50,076 exploits tracked across all sources.
Microsoft Malware Protection Engine < 1.1.13704.0 - Remote Code Execution via Crafted File Scan
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541.
by Google Security Research
CVSS 7.8
WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
by defensecode
Samba is_known_pipename() Arbitrary Module Load
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
by Metasploit
CVSS 9.8
CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities
by LiquidWorm
JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow Remote Code Execution
JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack, overwrite return addresses, and execute shellcode in the application context.
by Juan Sacco
CVSS 9.8
Aries QWR-1104 Wireless-N Router Firmware WRC.253.2.0913 - Cross-Site Scripting via Wireless Site Survey AP Name
Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point.
by Touhid M.Shaikh
CVSS 6.1
Home Web Server 1.9.1 (build 164) - Remote Code Execution
by Guillaume Kaddouch
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands
by Google Security Research
Google Chrome 60.0.3080.5 V8 JavaScript Engine - Out-of-Bounds Write
by halbecaf
Google Chrome 60.0.3080.5 V8 JavaScript Engine - Out-of-Bounds Write
by halbecaf
iPhone OS < 10.3.1, Safari < 10.1, tvOS < 10.2 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
Safari < 10.1.1 - Universal Cross-Site Scripting via Pageshow Event Handling
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events.
by Google Security Research
CVSS 6.1
WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting
by Google Security Research
Safari < 10.1.1 - Universal Cross-Site Scripting in WebKit via Container Node Interaction
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with container nodes.
by Google Security Research
CVSS 6.1
Safari < 10.1.1 - Universal Cross-Site Scripting via WebKit Editor Commands
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands.
by Google Security Research
CVSS 6.1
Apple Safari 10.0.3(12602.4.8) / WebKit - 'HTMLObjectElement::updateWidget' Universal Cross-Site Scripting
by Google Security Research
Skia Graphics Library - Heap Overflow due to Rounding Error in SkEdge::setLine
by Google Security Research
Debian Linux < 45.9.0 - Use After Free
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
by Google Security Research
CVSS 9.1
Debian Linux < 45.9.0 - Out-of-Bounds Read
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
by Google Security Research
CVSS 9.1
iPhone OS < 10.3.1 and Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
Sophos Cyberoam Firewall Firmware <= 10.6.4 - Stored Cross-Site Scripting via LiveConnectionDetail.jsp Parameters
An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. GET parameters "applicationname" and "username" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp.
by Bhadresh Patel
CVSS 6.1
Dup Scout Enterprise 9.7.18 - '.xml' Local Buffer Overflow
by ScrR1pTK1dd13
Samba is_known_pipename() Arbitrary Module Load
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
by steelo
CVSS 9.8
NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion
by f3ci
By Source