Exploitdb Exploits
50,076 exploits tracked across all sources.
Joomla! Component Spider Calendar Lite 3.2.16 - SQL Injection
by Ihsan Sencan
dotcms < 3.6.1 - Unauthenticated SQL Injection via categoriesServlet q/inode Parameters
An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment.
by Ben Nott
CVSS 9.8
Geutebruck IP Camera G-Cam/EFD-2250 <1.11.0.12 - Command Injection
An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution.
by RandoriSec
CVSS 9.8
NVIDIA Windows GPU Display Driver - Denial of Service or Privilege Escalation via DxgkDdiEscapeID 0x100008b
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potential escalation of privileges
by Google Security Research
CVSS 7.8
NVIDIA Windows GPU Display Driver - Denial of Service or Privilege Escalation via SubmitCommandVirtual DDI
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges.
by Google Security Research
CVSS 7.8
Windows GDI - Information Disclosure via Crafted EMF File
gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.
by Google Security Research
CVSS 5.5
GOM Player 2.3.10.5266 - Memory Corruption via Crafted FPX File
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
by Peter Baris
CVSS 7.8
Joomla! Component JSP Store Locator 2.2 - 'id' SQL Injection
by Ihsan Sencan
Coppermine Gallery < 1.5.44 - Directory Traversal
by Hacker Fantastic
OpenText Documentum D2 4.x - Remote Code Execution via Deserialization
OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.
by Andrey B. Panfilov
CVSS 9.8
Geutebruck IP Camera G-Cam/EFD-2250 <1.11.0.12 - Auth Bypass
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution.
by RandoriSec
CVSS 9.8
Cisco Adaptive Security Appliance Software 9.0-9.6 - Authenticated Heap Overflow via Clientless SSL VPN CIFS URL
A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid TCP connection is needed to perform the attack. The attacker needs to have valid credentials to log in to the Clientless SSL VPN portal. Vulnerable Cisco ASA Software running on the following products may be affected by this vulnerability: Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ASA for Firepower 4100 Series. Cisco Bug IDs: CSCvc23838.
by Google Security Research
CVSS 8.8
ShadeYouVPN Client 2.0.1.11 - Local Privilege Escalation
by Kacper Szurek
Microsoft Edge - Remote Code Execution via TypedArray.sort Use-After-Free
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297.
by Google Security Research
CVSS 7.5
Piwik 2.14.0/2.16.0/2.17.1/3.0.1 - Superuser Plugin Upload (Metasploit)
by Metasploit
Debian/Ubuntu ntfs-3g Local Privilege Escalation
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
by Google Security Research
CVSS 7.8
BIG-IP Local Traffic Manager - Exposure of Sensitive Information via Session Tickets
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.
by @0x00string
CVSS 7.5
LG G4 - Touchscreen Driver write_log Kernel Read/Write
by Google Security Research
LG G4 - lghashstorageserver Directory Traversal
by Google Security Research
LG G4 - lgdrmserver Binder Service Multiple Race Conditions
by Google Security Research
Android 7.0 7.1.1 - Elevation of Privilege via Framework APIs Race Condition
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690.
by Google Security Research
CVSS 7.8
Android 7.0, 7.1.1 - Privilege Escalation via Framework APIs Race Condition
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926.
by Google Security Research
CVSS 7.8
By Source