Exploitdb Exploits
50,076 exploits tracked across all sources.
TOPSEC Firewalls - 'ELIGIBLECANDIDATE' Remote Code Execution
by Shadow Brokers
TOPSEC Firewalls - 'ELIGIBLEBOMBSHELL' Remote Code Execution
by Shadow Brokers
SIEMENS IP Cameras (Multiple Models) - Credential Disclosure / Configuration Download
by Todor Donev
MESSOA IP-Camera NIC990 - Authentication Bypass / Configuration Download
by Todor Donev
JVC IP-Camera VN-T216VPRU - Credentials Disclosure
by Yakir Wizman
C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass
by Yakir Wizman
Qualiteam X-Cart < 4.1.3 - Remote Code Execution via cmpi.php Dynamic Variable Evaluation
Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.
by GulfTech Security
Linux Kernel < 4.7.4 - Use-After-Free in tcp_check_send_head
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.
by Marco Grassi
CVSS 5.5
Cisco ASA Authentication Bypass (EXTRABACON)
Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.
by Shadow Brokers
CVSS 8.8
SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change
by Todor Donev
Honeywell IP-Camera HICC-1100PT - Credentials Disclosure
by Yakir Wizman
Microsoft Windows and Office Products - Remote Code Execution via Crafted Embedded Font
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3304.
by Google Security Research
CVSS 7.8
Microsoft Windows and Office - Remote Code Execution via Crafted Embedded Font
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3303.
by Google Security Research
CVSS 7.8
Microsoft Windows and Office - Remote Code Execution via Crafted Embedded Font
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability."
by Google Security Research
CVSS 7.8
SIEMENS IP-Camera CVMS2025-IR / CCMS2025 - Credentials Disclosure
by Yakir Wizman
WSO2 Identity Server 5.1.0 - Cross-Site Request Forgery in XACML Flow
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request.
by hyp3rlinx
CVSS 8.8
Microsoft Internet Explorer 11 - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290.
by Google Security Research
CVSS 7.5
Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities
by Security-Assessment.com
Nagios Log Server 1.4.1 - Multiple Vulnerabilities
by Security-Assessment.com
Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities
by Security-Assessment.com
Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac - Remote Code Execution via Crafted File
Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."
by COSIG
CVSS 7.8
Pi-Hole Web Interface 2.8.1 - Persistent Cross-Site Scripting in Whitelist/Blacklist
by loneferret
By Source