Exploitdb Exploits
50,076 exploits tracked across all sources.
VMware Workstation Pro and Player 12.x - Remote Code Execution via Cortado ThinPrint EMFSPOOL TrueType Fonts
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.
by Google Security Research
CVSS 7.8
VMware Workstation Player 12.x - Remote Code Execution via JPEG 2000 Image
tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.
by Google Security Research
CVSS 7.8
WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure
by david-peltier
ShoreTel Connect ONSITE - Blind SQL Injection
by Iraklis Mathiopoulos
Kajona 4.7 - Cross-Site Scripting / Directory Traversal
by Curesec Research Team
Docker Daemon - Local Privilege Escalation (Metasploit)
by Metasploit
MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities
by Paul Baade & Sven Krewitt
Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection
by Larry W. Cashdollar
Joomla! Component Catalog 1.0.7 - SQL Injection
by Larry W. Cashdollar
Cisco ASA 9.2(3) - 'EXTRABACON' Authentication Bypass
by Sean Dillon
NetBSD <7.0 - Local Privilege Escalation
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
by Metasploit
CVSS 7.8
PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure
by Yakir Wizman
Google Android - getpidcon Usage binder Service Replacement Race Condition
by Google Security Research
Open-Xchange OX Guard < 2.4.2 - Stored Cross-Site Scripting via PGP Public Key Name
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected into the names of PGP public keys. When that key is later requested using a specific URL, such script code might get executed. In the case of injected external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data, etc.).
by Benjamin Daniel Mussler
CVSS 6.1
Open-Xchange OX Guard < 2.4.2 - Unauthenticated Stored Cross-Site Scripting via Guest Reader Parameter
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as a parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks against arbitrary users since no prior authentication is needed. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data, etc.) if the user already has an active session on the same domain.
by Benjamin Daniel Mussler
CVSS 6.1
Zapya Desktop 1.803 - 'ZapyaService.exe' Local Privilege Escalation
by Arash Khazaei
WinSMS 3.43 - Insecure File Permissions Privilege Escalation
by Tulpa
Multiple Icecream Apps - Insecure File Permissions Privilege Escalation
by Tulpa
Battle.Net 1.5.0.7963 - Insecure File Permissions Privilege Escalation
by Tulpa
Microsoft Internet Explorer 11.0.9600.18482 - Use After Free
by Marcin Ressel