Exploitdb Exploits
50,076 exploits tracked across all sources.
Red Hat JBoss Enterprise Application Platform 4 and 5 - Remote Code Execution via JMX Servlet Deserialization
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
by Mediaservice.net Srl.
CVSS 8.8
Trend Micro IWSVA <6.5-CP-1737 - XSS
Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolved in Version 6.5 CP 1737.
by SlidingWindow
CVSS 5.4
Tenda/Dlink/Tplink TD-W8961ND - 'DHCP' Cross-Site Scripting
by Vulnerability-Lab
Android < 6.0.1 - Remote Code Execution in Webview
A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937.
by Guang Gong
CVSS 8.8
Core FTP LE 2.2 - 'SSH/SFTP' Remote Buffer Overflow (PoC)
by hyp3rlinx
Linux Kernel 2.x-4.x < 4.8.3 - Local Privilege Escalation via Dirty COW Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
by Gabriele Bonacini
CVSS 7.0
Microsoft Windows - Privilege Escalation
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
by IOactive
CVSS 7.8
Remote Utilities Host 6.3 - Denial of Service
by Peter Baris
osTicket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
by Joaquin Ramirez Martinez
wget < 1.17 - Race Condition in Recursive/Mirroring Mode
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
by Dawid Golunski
CVSS 8.1
Linux Kernel 2.6.32-642/3.16.0-4 - 'inode' Integer Overflow
by Todor Donev
SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection
by ERPScan
Huawei UTPS <UTPS-V200R003B015D16SPC00C983 - Privilege Escalation
Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed.
by Dhruv Shah
CVSS 6.7
Microsoft Internet Explorer 8 - MSHTML 'Ptls5::LsFindSpanVisualBoundaries' Memory Corruption
by Skylined
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery / Remote Command Execution
by hyp3rlinx
Linux kernel <4.5.2 - Privilege Escalation
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
by halfdog
CVSS 7.8
Linux kernel <4.5.2 - Privilege Escalation
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
by halfdog
CVSS 7.8
AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting
by Julien Ahrens
Crestron AirMedia <1.4.0.13 - Path Traversal
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
by Zach Lanier
CVSS 7.5
Microsoft JScript and VBScript - Remote Code Execution via Crafted Replace Operation with JavaScript Regular Expression
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expression, aka "Scripting Engine Memory Corruption Vulnerability."
by Skylined
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
by Security-Assessment.com
CVSS 7.5
Microsoft Edge and Internet Explorer 11 - Remote Code Execution or Denial of Service via Memory Corruption
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
by Skylined
CVSS 7.5
By Source