Exploitdb Exploits
50,076 exploits tracked across all sources.
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
Proxifier for Mac <2.19 - Privilege Escalation
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.
by Mark Wadham
CVSS 7.8
Brother MFC/DCP/ADS/HL Firmware - Improper Authentication via AuthCookie Exposure
On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW, MFC-J4420DW, MFC-8710DW, MFC-J4620DW, MFC-L8850CDW, MFC-J3720, MFC-J6520DW, MFC-L2740DW, MFC-J5910DW, MFC-J6920DW, MFC-L2700DW, MFC-9130CW, MFC-9330CDW, MFC-9340CDW, MFC-J5620DW, MFC-J6720DW, MFC-L8600CDW, MFC-L9550CDW, MFC-L2720DW, DCP-L2540DW, DCP-L2520DW, HL-3140CW, HL-3170CDW, HL-3180CDW, HL-L8350CDW, HL-L2380DW, ADS-2500W, ADS-1000W, ADS-1500W.
by Patryk Bogdan
CVSS 9.8
Moxa MXView 2.8 - Unauthenticated Exposure of Sensitive Information via Private Key File
Moxa MXView 2.8 allows remote attackers to read the web server's private key file because no access control is applied to it.
by hyp3rlinx
CVSS 7.5
Moxa MX-AOPC Server 1.5 - Info Disclosure
An XML External Entity issue via ".AOP" files used by Moxa MX-AOPC Server 1.5 results in remote file disclosure.
by hyp3rlinx
CVSS 5.0
Moxa MXView 2.8 - Denial of Service via Long Login Credential Payload
Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending an overly long junk payload for the MXView client login credentials.
by hyp3rlinx
CVSS 7.5
Quest Privilege Manager < 6.0.0.061 - Arbitrary File Write and Remote Code Execution via ACT_NEWFILESENT Action
pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.
by m0t
CVSS 7.2
EIP-2026-101134
EXPLOITDB
Sony Playstation 4 (PS4) 3.50 < 4.07 - WebKit Code Execution (PoC)
by Specter
Intellinet NFC-30ir IP Camera <LM.1.6.16.05 - Path Traversal
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read an HTML text file but does not perform any URI/path sanitization.
by Dimitri Fousekis
CVSS 4.9
QNAP QTS < 4.2.4 - OS Command Injection
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.
by Harry Sintonen
CVSS 9.8
QNAP QTS < 4.2.4 - OS Command Injection
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.
by Harry Sintonen
CVSS 9.8
BlazeDS < 3.2 - Information Disclosure via XML External Entity Injection
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
by Tess Sluyter
CVSS 6.5
WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery
by Zhiyang Zeng
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
by dxw
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
by dxw
WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery
by Zhiyang Zeng