Exploitdb Exploits
50,076 exploits tracked across all sources.
Apple tvOS < 9.2.1 - Out-of-bounds Read via IOHIDDevice::handleReportWithTime
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824.
by Google Security Research
CVSS 7.8
NVIDIA Graphics Drivers <10.11.5 - RCE/DoS
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
macOS < 10.11.5 - Remote Code Execution or Denial of Service via Crafted App
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
macOS < 10.11.5 - Remote Code Execution via AppleGraphicsControlClient::checkArguments
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
Apple OS X < 10.11.5 - Remote Code Execution or Denial of Service via AppleGraphicsDeviceControlClient
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
Apple iOS <9.3.2-OS X <10.11.5-tvOS <9.2.1-watchOS <2.2.1 - RCE/DoS
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
Apple iOS <9.3.2, OS X <10.11.5, tvOS <9.2.1, watchOS <2.2.1 - RCE/DoS
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
macOS < 10.11.5 - Remote Code Execution in NVIDIA Graphics Drivers
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
by Google Security Research
CVSS 7.8
Apache Struts 2.3.19-2.3.20.2, 2.3.21-2.3.24.1, 2.3.25-2.3.28 - Remote Code Execution
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
by Metasploit
CVSS 9.8
Apple <9.3.2, <10.11.5, <9.2.1, <2.2.1 - Info Disclosure
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
by Google Security Research
CVSS 5.1
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
by Metasploit
CVSS 9.8
IPFire - 'proxy.cgi' Remote Code Execution (Metasploit)
by Metasploit
Android 4.x-5.1.x and 6.x before 2016-06-01 - Privilege Escalation via sdcard Off-by-One Error
Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.
by Google Security Research
CVSS 7.8
Cisco EPC3928 Firmware - Denial of Service via Long LanguageSelect Parameter
goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of Service" issue, aka Bug ID CSCuy28100.
by Patryk Bogdan
CVSS 7.5
Cisco EPC3928 Firmware - Denial of Service via Long h_sortWireless Parameter
goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948.
by Patryk Bogdan
CVSS 7.5
Cisco EPC3928 EDVA 5.5.10, 5.5.11, 5.7.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935.
by Patryk Bogdan
Cisco EPC3928 EDVA 5.5.10/5.5.11/5.7.1 - Unauthenticated Admin Function Execution
Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941.
by Patryk Bogdan
League of Legends Screensaver - Unquoted Service Path Privilege Escalation
by Vincent Yiu
League of Legends Screensaver - Insecure File Permissions Privilege Escalation
by Vincent Yiu
Cisco EPC3928 Firmware - Unauthenticated Sensitive Information Exposure via Boot Process Requests
Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.
by Patryk Bogdan
CVSS 8.1
WordPress Simple-Backup 2.7.11 Arbitrary File Deletion and Download
WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete_backup_file and download_backup_file parameters in tools.php. Attackers can exploit insufficient input validation using directory traversal techniques to access wp-config.php, database dumps, and other sensitive files, or delete critical files such as .htaccess to expose backup directories.
by PizzaHatHacker
CVSS 7.5
Newspaper < 6.7.2 - Improper Privilege Management via td_ajax_update_panel
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
by wp0Day.com
CVSS 9.8
Valve SteamOS < 3.42.16.13 - Local Privilege Escalation via Weak File Permissions
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.
by Gregory Smiley
CVSS 4.8