Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-2442 EXPLOITDB MEDIUM html VERIFIED
Safari < 10.1 - Same Origin Policy Bypass via WebKit JavaScript Bindings
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
by Google Security Research
CVSS 6.5
CVE-2016-6816 EXPLOITDB HIGH text
Apache Tomcat 6.0.0-6.0.47, 7.0.0-7.0.72, 8.0.0.RC1-8.0.38, 8.5.0-8.5.6, 9.0.0.M1-9.0.0.M11 - HTTP Response Injection
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.
by justpentest
CVSS 7.1
CVE-2017-2490 EXPLOITDB HIGH c VERIFIED
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Remote Code Execution or Denial of Service in Kernel
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-2454 EXPLOITDB HIGH html VERIFIED
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2459 EXPLOITDB HIGH html VERIFIED
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2476 EXPLOITDB HIGH html VERIFIED
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2471 EXPLOITDB HIGH html VERIFIED
Safari < 10.1 - Remote Code Execution via Use-After-Free in WebKit
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2455 EXPLOITDB HIGH html VERIFIED
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2460 EXPLOITDB HIGH html VERIFIED
Safari < 10.0.3 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2466 EXPLOITDB HIGH html VERIFIED
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2473 EXPLOITDB HIGH c VERIFIED
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Remote Code Execution or Denial of Service in Kernel
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-2474 EXPLOITDB HIGH c VERIFIED
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Kernel Off-by-One Remote Code Execution
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-2478 EXPLOITDB HIGH c VERIFIED
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Race Condition in Kernel
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
CVSS 7.0
CVE-2017-2482 EXPLOITDB HIGH c VERIFIED
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Remote Code Execution via Kernel Buffer Overflow
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-2472 EXPLOITDB HIGH c VERIFIED
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Use-After-Free in Kernel
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-2483 EXPLOITDB HIGH c VERIFIED
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Kernel Buffer Overflow via Crafted App
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-2489 EXPLOITDB MEDIUM c VERIFIED
macOS < 10.12.4 - Unauthorized Kernel Memory Exposure via Intel Graphics Driver
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
by Google Security Research
CVSS 5.5
CVE-2017-2443 EXPLOITDB HIGH c VERIFIED
macOS < 10.12.4 - Memory Corruption in Intel Graphics Driver
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2017-0561 EXPLOITDB CRITICAL text VERIFIED
Linux Kernel - Remote Code Execution via Broadcom Wi-Fi Firmware
A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.
by Google Security Research
CVSS 9.8
CVE-2017-0569 EXPLOITDB HIGH text VERIFIED
Android Kernel <3.18 - Privilege Escalation
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34198729. References: B-RB#110666.
by Google Security Research
CVSS 7.0
CVE-2017-0561 EXPLOITDB CRITICAL text VERIFIED
Linux Kernel - Remote Code Execution via Broadcom Wi-Fi Firmware
A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.
by Google Security Research
CVSS 9.8
EIP-2026-107385 EXPLOITDB text VERIFIED
GeoMoose < 2.9.2 - Directory Traversal
by Sander Ferdinand
CVE-2016-9091 EXPLOITDB HIGH ruby VERIFIED
Blue Coat ASG <6.6.5.4 & CAS <1.3.7.4 - Command Injection
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
by Chris Hebert
CVSS 7.2
CVE-2016-9091 EXPLOITDB HIGH ruby VERIFIED
Blue Coat ASG <6.6.5.4 & CAS <1.3.7.4 - Command Injection
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
by Chris Hebert
CVSS 7.2
CVE-2017-14459 EXPLOITDB CRITICAL python
Moxa AWK-3131A <1.7 - OS Command Injection
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.
by Talos
CVSS 10.0
By Source
All 50,076 Writeup 62,344 Exploitdb 50,076 Nomisec 22,425 Github 3,649 Metasploit 3,314 Vulncheck_xdb 929 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,585 ruby 6,005 c 3,628 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 132 go 73 postscript 25 typescript 25