Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2017-2491 EXPLOITDB HIGH html VERIFIED
iPhone OS < 10.2.1 - Remote Code Execution via JavaScript String.replace Use-After-Free
Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file.
by saelo & niklasb
CVSS 8.8
CVE-2017-20220 EXPLOITDB HIGH python
Serviio PRO 1.8 Unauthenticated Password Change via REST API
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication.
by LiquidWorm
CVSS 7.5
CVE-2017-20218 EXPLOITDB HIGH text
Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path
Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot.
by LiquidWorm
CVSS 7.8
CVE-2017-20217 EXPLOITDB HIGH python
Serviio PRO 1.8 REST API Information Disclosure
Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication.
by LiquidWorm
CVSS 7.5
EIP-2026-119423 EXPLOITDB python
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution
by LiquidWorm
EIP-2026-115674 EXPLOITDB html
Microsoft Internet Explorer 11 - 'CMarkup::DestroySplayTree' Use-After-Free
by Marcin Ressel
CVE-2017-8295 EXPLOITDB MEDIUM text
WordPress <= 4.7.4 - Unauthenticated Weak Password Recovery Mechanism via Host Header Manipulation
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message.
by Dawid Golunski
CVSS 5.9
CVE-2016-10033 EXPLOITDB CRITICAL bash
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
by Dawid Golunski
CVSS 9.8
EIP-2026-103890 EXPLOITDB python
Dahua Generation 2/3 - Backdoor Access
by bashis
CVE-2017-8291 EXPLOITDB HIGH ruby VERIFIED
Ghostscript Type Confusion Arbitrary Command Execution
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
by Metasploit
CVSS 7.8
EIP-2026-102144 EXPLOITDB text
Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion
by ReverseBrain
CVE-2017-7981 EXPLOITDB HIGH VERIFIED
Tuleap < 9.7 - Authenticated OS Command Injection via PhpWiki SyntaxHighlighter Plugin
Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by a '<?plugin SyntaxHighlighter syntax="c;id"' line to execute the id command.
by Ben Nott
CVSS 8.8
EIP-2026-104599 EXPLOITDB text
HideMyAss Pro VPN Client for OS X 2.2.7.0 - Local Privilege Escalation
by Han Sahin
CVE-2017-3599 EXPLOITDB HIGH python VERIFIED
MySQL Server <5.6.35, <5.7.17 - DoS
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.
by Rodrigo Marcos
CVSS 7.5
EIP-2026-103372 EXPLOITDB text
HideMyAss Pro VPN Client for macOS 3.x - Local Privilege Escalation
by Han Sahin
EIP-2026-103258 EXPLOITDB python
Alerton Webtalk 2.5/3.3 - Multiple Vulnerabilities
by David Tomaschik
EIP-2026-104237 EXPLOITDB text
Emby MediaServer 3.2.5 - SQL Injection
by LiquidWorm
EIP-2026-104236 EXPLOITDB text
Emby MediaServer 3.2.5 - Password Reset
by LiquidWorm
EIP-2026-104235 EXPLOITDB text
Emby MediaServer 3.2.5 - Directory Traversal
by LiquidWorm
CVE-2017-8339 EXPLOITDB MEDIUM c
Panda Free Antivirus 18.0 - Denial of Service via Crafted DeviceIoControl Request
PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver.
by Peter Baris
CVSS 5.5
EIP-2026-115470 EXPLOITDB python VERIFIED
IrfanView 4.44 - Denial of Service
by Dreivan Orprecio
CVE-2017-8382 EXPLOITDB MEDIUM text VERIFIED
admidio 3.2.8 - Cross-Site Request Forgery in Members Function Module
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
by Faiz Ahmed Zaidi
CVSS 4.5
CVE-2017-0202 EXPLOITDB HIGH html VERIFIED
Internet Explorer - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."
by Google Security Research
CVSS 7.5
EIP-2026-114672 EXPLOITDB ruby VERIFIED
Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)
by Metasploit
EIP-2026-112838 EXPLOITDB python
TYPO3 Extension News - SQL Injection
by Charles Fol