Exploitdb Exploits
50,076 exploits tracked across all sources.
web2py < 2.14.5 - Cross-Site Request Forgery
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.
by Narendra Bhati
CVSS 8.8
eXtplorer 2.1.9 - Path Traversal via Archive Extraction
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.
by hyp3rlinx
CVSS 7.8
CakePHP < 3.2.4 - IP Spoofing via CLIENT-IP HTTP Header
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
by Dawid Golunski
CVSS 7.5
Apple iOS <9.3.2, OS X <10.11.5, tvOS <9.2.1, watchOS <2.2.1 - RCE/DoS
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.
by Brandon Azad
CVSS 7.8
NRSS RSS Reader 0.3.9-1 Stack Buffer Overflow
NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the return address and achieve code execution.
by Juan Sacco
CVSS 8.4
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2)
by Google Security Research
Trend Micro - 'CoreServiceShell.exe' Multiple HTTP s
by Google Security Research
Microsoft Windows Media Center - Remote Code Execution via Crafted MCL File
Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."
by Eduardo Braun Prado
CVSS 7.8
WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities
by Gwendal Le Coguic
WordPress Plugin Huge-IT Image Gallery 1.8.9 - Multiple Vulnerabilities
by Gwendal Le Coguic
FileZilla Client 3.17.0.0 - Unquoted Search Path
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
by Cyril Vallicari
CVSS 6.3
Intuit QuickBooks Desktop 2007 < 2016 - Arbitrary Code Execution
by Maxim Tomashevich
CIScan 1.00 - Hostname/IP Field Overwrite (SEH) (PoC)
by Nipun Jaswal
Broadcom Wi-Fi driver - Memory Corruption
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.
by AbdSec
CVSS 9.8
Ipswitch WS_FTP LE 12.3 - Search field Overwrite (SEH) (PoC)
by Zahid Adeel
Adobe Acrobat and Reader < 11.0.16 - Remote Code Execution via Memory Corruption
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.
by Pier-Luc Maltais
CVSS 9.8
Nfdump Nfcapd 1.6.14 - Multiple Vulnerabilities
by Security-Assessment.com
JVC HDRs / Net (Multiple Cameras) - Multiple Vulnerabilities
by Orwelllabs
Dell SonicWALL Scrutinizer 11.0.1 - setUserSkin/deleteTab SQL Injection Remote Code Execution
by mr_me
Microsoft Windows - Local Privilege Escalation via WebDAV Client
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
by hex0r
CVSS 7.8
By Source