Exploitdb Exploits
50,076 exploits tracked across all sources.
OpenSSH < 7.3 - Denial of Service via Long Password String
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
by SecPod Research
CVSS 7.5
Cisco Unified Communications Manager - Path Traversal
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.
by justpentest
NETGEAR D6220/D6400/R6250/R6400/R6700/R6900/R7000/R7100LG/R7300DST/R7900/R8000 Firmware - Remote Code Execution
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
by Acew0rm
CVSS 8.8
Microsoft Internet Explorer 9 - Remote Code Execution or Denial of Service via Memory Corruption
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
by Skylined
Microsoft Windows 10 (x86/x64) - WLAN AutoConfig Denial of Service (PoC)
by Jeremy Brown
Microsoft Internet Explorer 7-10 - Use-After-Free via Deleted Object Access
Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability."
by Skylined
Microsoft Edge and Internet Explorer 11 - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
by Google Security Research
CVSS 7.5
Microsoft Edge - Remote Code Execution via Memory Corruption
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6153.
by Skylined
Microsoft Edge - Remote Code Execution via Memory Corruption
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
by Skylined
CVSS 8.8
AF_PACKET chocobo_root Privilege Escalation
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
by rebel
CVSS 7.8
Android 6.x-7.0 - Privilege Escalation via System Server
An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622.
by Google Security Research
CVSS 7.8
Google Android - 'IOMXNodeInstance::enableNativeBuffers' Unchecked Index
by Google Security Research
Single Personal Message 1.0.3 WordPress Plugin SQL Injection
Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to extract sensitive database information including user credentials and site configuration data.
by Lenon Leite
CVSS 7.1
DiskBoss Enterprise <8.2.14 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.
by vportal
Dup Scout Enterprise 9.1.14 - Remote Buffer Overflow (SEH)
by vportal
Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection
by hyp3rlinx
Windows Event Viewer - Info Disclosure
An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.
To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file.
The update addresses the vulnerability by modifying the way that the Event Viewer parses XML input.
by hyp3rlinx
CVSS 4.7
Apache CouchDB <2.0.0 - Privilege Escalation
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
by hyp3rlinx
CVSS 7.8
Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities
by Persian Hack Team
Alcatel-Lucent OmniVista 8770 2.0-3.0 - Unauthenticated Remote Code Execution via GIOP ORB Interface
Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server."
by malerisch
CVSS 9.8
By Source